I. INTRODUCTION


“There is nothing more difficult to take in hand, more perilous 
to conduct, or more uncertain in its success than to take the 
lead in the introduction of a new order of things.” 


Niccolo Machiavelli, The Prince 


By definition, an infrastructure is something that lays the foundation for something else. The Information Infrastructure (II) for the Ministry of Foreign Affairs (MFA) of Ukraine will lay the foundation for -- and thereby help shape -- new forms of information production, consumption, and interaction between all parts of the MFA around the world.

The Ministry of Foreign Affairs of Ukraine is a relatively young, medium-sized organization. It was established in 1991 when Ukraine became an independent state after the collapse of the Soviet Union. At that time it employed fewer than 40 diplomats. Now the MFA of Ukraine has approximately 3000 employees in the Central Office and 64 embassies and consulates around the world.

From the technical point of view, the main purpose of this government organization is the search for, acquisition, exchange, processing, distribution and storage of information and data. The quality of this work is very important for Ukraine, because these activities provide the main interface between the Ukrainian government and other countries and international organizations.

Nowadays, the increasing attention to the global information society within international organizations such as the Group of Seven (G-7), the World Trade Organization (WTO), the Organization for Economic Co-operation and Development (OECD), NATO, and the United Nations Educational, Scientific and Cultural Organization (UNESCO) reflects countries' growing awareness that issues in the digital world have transnational implications. Ukraine is not an exception to this process, but unfortunately, due to the lack of money and the rapid organizational growth, the MFA Information Infrastructure remains undeveloped.


A. PURPOSE 


Considering the vital role of the information and communication infrastructure, and realizing that current telecommunications and information policy has not kept pace with the latest developments in telecommunications and computer technology, the goal of this thesis is to develop a project for a feasible information infrastructure based on modern information technology such as the Internet, an intranet, a virtual private network, and a secure messaging system.


B. RESEARCH QUESTIONS 


The research questions divide themselves into two main categories:

• Problem identification and requirements.

1. What is the current information technology in the MFA?
2. What are its primary needs and problems?
3. How can computers intelligently connect information seekers to sources?
4. How can information access be complete, correct, timely, felicitous, transparent, authentic, authorized, and secure?
5. What architectures can best leverage rapidly changing information environments?
6. How can groups of people and computers cooperate effectively over distributed networks?
7. How should system security be implemented?
8. How should legacy hardware be used?
9. How should the system be controlled and maintained?


• Potential solutions.

1. What is intranet technology?
2. What are the advantages and disadvantages of using an intranet in the MFA of Ukraine?
3. What kind of software and hardware are feasible for implementing a Web-based information infrastructure?
4. What is a Virtual Private Network (VPN)?
5. What are the advantages and disadvantages of using a VPN in the MFA of Ukraine?


C. THESIS OUTLINE


Chapter II provides background information about the current MFA Information Infrastructure, including basic IT needs and problems. Chapters III and IV provide an intranet technology overview and possible applications of this technology. Chapter V gives a Virtual Private Network overview and the role of this network in connecting embassies with Kyiv (the capital of Ukraine). Questions related to the secure messaging system and different aspects of its implementation are discussed in Chapter VI. In Chapter VII, we discuss the network architecture for the MFA Central Office backbone and a typical embassy. Computer security policy and an implementation analysis can be found in Chapter VIII. Chapter IX provides an overview of legacy systems and their usage problems. Finally, conclusions and recommendations are covered in Chapter X.


II. MFA INFORMATION INFRASTRUCTURE AND NEEDS 


A. CURRENT MFA INFORMATION INFRASTRUCTURE OVERVIEW


After 1991, when Ukraine became an independent state, the MFA of Ukraine learned the hard way that a dramatic increase in the complexity of its business and the size of the organization greatly increased the demand for information throughout the Ministry. Top managers and diplomats received their education and early work experience before the wide-scale introduction of computer technology. In addition, in the Soviet period computers were mostly prohibited in the MFA for security reasons. As a result, top managers often fail to understand the technology and lack a sufficient grasp of the issues to provide appropriate managerial direction.

According to international agreements, the MFA also had to establish a network of direct communications between OSCE¹ capitals for the transmission of messages relating to the agreed measures [1]. To accomplish this task, the Ministry in 1993 created the Operative Communication Department within the Arms Control and Disarmament Directorate. This Department became the de facto computer center for the entire organization without any formal assignment. Only in 1998 was this subdivision reorganized as an independent unit with responsibility for the development and implementation of the information infrastructure (II). Unfortunately, the lack of computer specialists (see Table 1), the significant amount of work and the lack of dedicated financing make the development of a modern IT system very difficult.


¹ Organization for Security and Co-operation in Europe (OSCE)
Table 1. The MFA IT department development facts
[Columns: approx. number of computers in the Central Office; number of computer specialists (software/hardware); number of LANs in the Central Office; number of embassies. The data rows are not present in this copy.]





Due to these reasons and the absence of a strategic plan, the development of the II has had an unplanned character. The following types of machines are currently in use:

• DOS (i80286, about 10 units);
• Windows 3.x (i80386/486, about 150 units);
• Windows 95/98 (i80486/Pentium/Pentium II, about 130 units);
• Windows NT Server/Workstation (Pentium/Pentium II, about six units);
• Novell NetWare 3.11 (Pentium, one unit);
• Unix Solaris (Sun, one unit);
• Unix BSD (Pentium, one unit).

Maintaining such a heterogeneous system with two IT specialists has therefore become extremely difficult.


At the same time, embassies and general consulates have developed information technology systems that provide basic communication functionality (Figure 1).

[Figure 1. MFA-to-Embassy Communication Diagram: the MFA Central Office linked to an embassy LAN consisting of an NT file server, desktops 1 to N and laser printers.]


Since the current systems evolved without a master plan and without direct IT personnel support, their level of effectiveness, reliability, and security is still very low.


The MFA Central Office Network Diagram (Figure 2) shows that the Information Infrastructure has problems in several areas:

• Absence of an integrated computer network (backbone);
• Absence of any LAN in most Directorates;
• The infrastructure is fragmented into multiple "stovepipe" information systems;
• Unnecessary OS variety;
• Single point of failure for Internet access (only one line and one Web server);
• Low-speed Internet connection (64 Kb/s);
• Not all directorates have Internet access;
• Diplomats do not have personal e-mail, even for internal communication;
• Computer security:
  - Absence of firewalls;
  - Absence of a security policy;
  - The system does not provide secure communication between the Central Office and remote users;
  - A large number of modems, each an unmanaged dial-in path that bypasses whatever perimeter controls exist;
• Many obsolete computers in use;
• Hardware systems have no backup.

Figure 2. MFA Central Office Network Diagram


The As-Is system cannot meet real MFA information needs. The infrastructure is not 
planned, architected/engineered, acquired and operated from an MFA-wide perspective. 
This lack of MFA-wide perspective means that each mission area may develop its own 
capabilities instead of sharing resources and the solutions may not be interoperable and 
integrated. Furthermore, existing capabilities are not adequate to meet current changes in 
mission and policy that are part of new political and fiscal realities. 

The scarcity of resources allocated to the MFA under the deep economic crisis in Ukraine has left the organization vulnerable and less prepared to carry out diplomacy in the information age. Flat and declining budgets for the MFA have resulted in an overall erosion of the Ministry's infrastructure, creating critical staffing and training gaps and unmet information technology needs. At the same time, the demand for new information technology and skills is growing exponentially. Therefore, it has been impossible to make the investment needed to adequately equip and staff the Computer Center and embassies worldwide with modern information technology.


B. CURRENT INFORMATION FLOW 


Today, information flows between the Central Office and the embassies through these channels:

• Phone;
• Fax;
• Private WAN e-mail (using direct phone call);
• Internet (e-mail);
• Diplomatic mail;
• Postal Service mail.

Each of these methods has pros and cons:

Table 2. Current Information Flow Channels
[The table body is not present in this copy; only the fragment "level information" survived.]
C. PRIMARY NEEDS RELATED TO THE INFORMATION TECHNOLOGY


The Ministry of Foreign Affairs is part of the Government and is responsible for official relations between Ukraine and other countries and international organizations. Ukrainian diplomacy is an instrument of power, essential for maintaining effective international relationships, and a principal means through which Ukraine defends its interests, responds to crises, and achieves its international goals. The quality of this work has a great impact on the country's development in many areas: economy, science, security, culture, and others.
In order to carry out Ukraine's foreign policy at home and abroad, the MFA [2]:

• Exercises policy leadership, broad interagency coordination, and management of resource allocation for the conduct of foreign relations;
• Leads representation of Ukraine around the world and advocates national policies to foreign governments and international organizations;
• Coordinates, and provides support for, the international activities of Ukrainian agencies, official visits, and other diplomatic missions;
• Conducts negotiations, concludes agreements, and supports participation in international negotiations of all types;
• Coordinates and manages the Ukrainian Government response to international crises of all types;
• Carries out public affairs and public diplomacy;
• Reports on and analyzes international issues of importance to the Ukrainian Government;
• Assists Ukrainian business;
• Protects and assists Ukrainian citizens living or traveling abroad;
• Adjudicates immigrant and nonimmigrant visas to enhance Ukraine's border security;
• Manages those international affairs programs and operations for which the Ministry has statutory responsibility; and
• Guarantees the diplomatic readiness of the Ukrainian Government.


The construction of an information infrastructure to support Ukrainian diplomacy in the 21st century is one of the Ministry's most critical and urgent objectives. In today's fast-moving, increasingly interdependent, and networked world, Ukrainian diplomats must have modern, secure information technology to respond to world events. Providing this technology to the MFA means deploying the modern information networks needed for rapid, secure Ministry communications worldwide, strengthening information systems security, and ensuring Year 2000 compliance for critical communication and computer systems.


According to the Internet Industry Almanac, there will be over 327 million Internet users by year-end 2000, up from 100 million Internet users at year-end 1997 [3]. The availability of an information infrastructure which is accessible by all Ukrainian citizens and by all Internet users can offer significant opportunities to enhance the delivery of Government programs and services.


In order to meet these goals, the Information Infrastructure must provide:

• Information processing and transport services used by the Central Office and embassies;
• Support of common (document flow control, news broadcasting, etc.) and specific (Consular, Financial Management System, etc.) information services;
• Secure messaging;
• Reliable access to information resources throughout the organization;
• Database management;
• End-to-end high-speed connectivity of all computers within the MFA;
• Cost-effective hardware and software implementation;
• A high level of security and integrity for all parts of the information system;
• Life-cycle support for all elements of the II.


As we can see, the proposed information system must satisfy multiple conflicting requirements. The most suitable solution might be an intranet or a GroupWare system like Lotus Notes, Microsoft Exchange or Novell GroupWise, with security mechanisms that can be placed at any layer.


D. PROPOSED SYSTEM 


As shown in Figure 3, the Information Infrastructure can be based on an intranet architecture within MFA offices and a Virtual Private Network over the Internet to provide secure connectivity between them. In addition, some form of "object security" must be implemented, where the object of interest to the end user is protected independently of the transport mechanism, intermediate storage, etc. A VPN protects only the link: a document that sits in a mailbox or on a file server at either end is unprotected unless the object itself carries its own protection. Together, these elements can form the MFA's end-to-end and user-to-user capability for information distribution, processing, storage, and display. Wherever feasible, the VPN and intranet should be used as the main communication path within the organizational perimeter in order to take full advantage of IT. Consequently, this will improve the efficiency, quality of service and cost-effectiveness of this government organization.
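The "object security" idea above, as an added illustration that is not part of the thesis or of any MFA system: the document is wrapped in a self-verifying envelope before it leaves the sender, so whether it then travels over the VPN, by Internet e-mail or sits on an embassy file server, any alteration is detected when it is opened. The example uses HMAC-SHA256 from the Python standard library and therefore covers integrity and authenticity only; confidentiality would need an additional authenticated cipher, which is left out here. The shared key, the sender and recipient names and the sample cable text are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed demonstration key. Assumption: each Central Office/embassy pair
# shares a secret provisioned out of band (e.g. by diplomatic mail). Never
# embed a real key in source code.
DEMO_KEY = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")


def _canonical(header: dict) -> bytes:
    # Deterministic encoding so sender and receiver MAC identical bytes.
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, header: dict, body: bytes) -> str:
    # Length-prefix header and body so bytes cannot be shifted between them.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (_canonical(header), body):
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.hexdigest()


def seal(document: bytes, sender: str, recipient: str, key: bytes) -> str:
    """Wrap `document` in a self-protecting envelope (JSON text).

    The MAC covers the addressing header and the body, so neither the
    content nor the claimed sender/recipient can be changed in transit.
    """
    header = {"v": 1, "alg": "HMAC-SHA256", "from": sender, "to": recipient,
              "id": os.urandom(8).hex()}
    envelope = {"header": header,
                "body": base64.b64encode(document).decode(),
                "mac": _tag(key, header, document)}
    return json.dumps(envelope)


def open_envelope(wire: str, key: bytes, expected_recipient: str) -> bytes:
    """Verify an envelope and return the document.

    Raises ValueError if the envelope was altered anywhere between seal()
    and here, regardless of which transport or storage carried it.
    """
    envelope = json.loads(wire)
    header = envelope["header"]
    body = base64.b64decode(envelope["body"], validate=True)
    if header.get("to") != expected_recipient:
        raise ValueError("envelope is addressed to someone else")
    if not hmac.compare_digest(_tag(key, header, body), envelope["mac"]):
        raise ValueError("integrity check failed: header or body altered")
    return body


def is_authentic(wire: str, key: bytes, expected_recipient: str) -> bool:
    """Convenience predicate around open_envelope()."""
    try:
        open_envelope(wire, key, expected_recipient)
        return True
    except (ValueError, KeyError, TypeError):
        return False


def tamper_header(wire: str, field: str, value: str) -> str:
    """Simulate a hostile intermediary rewriting one header field."""
    envelope = json.loads(wire)
    envelope["header"][field] = value
    return json.dumps(envelope)


def tamper_body(wire: str, new_document: bytes) -> str:
    """Simulate a hostile intermediary replacing the document body."""
    envelope = json.loads(wire)
    envelope["body"] = base64.b64encode(new_document).decode()
    return json.dumps(envelope)


if __name__ == "__main__":
    # Constructed sample cable; which channel carries it is irrelevant to the check.
    wire = seal(b"Cable 17: visa quota raised to 500", "kyiv", "embassy-london", DEMO_KEY)
    print(open_envelope(wire, DEMO_KEY, "embassy-london").decode())
    forged = tamper_body(wire, b"Cable 17: visa quota raised to 5000")
    print("forged copy accepted?", is_authentic(forged, DEMO_KEY, "embassy-london"))
```

The point of the design is that verification depends only on the envelope and the key, never on the channel; the same check runs whether the file arrived over the VPN, over plain Internet e-mail or from a floppy disk. A shared-key MAC proves origin only within the pair that holds the key, so for non-repudiation among many parties a digital signature with per-party keys would replace the HMAC.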
Figure 3. Information Infrastructure major components

The Information System must also provide domestic and worldwide information services for the Ministry, which includes managing a secure global communications network and maintaining the Ministry's central automated data processing system.





III. INTRANET TECHNOLOGY OVERVIEW


Intranet - n. 1) a computer network connecting an affiliated set of clients using standard internet protocols, esp. TCP/IP and HTTP. 2) an IP-based network of nodes behind a firewall, or behind several firewalls connected by secure, possibly virtual, networks [4].


An intranet is an internal information system based on Internet technology, web services, the TCP/IP and HTTP communication protocols, and HTML publishing. However, the general Internet community cannot access an organization's site. An intranet provides a technology that permits the Ministry to define itself as a whole entity where everyone knows their role, and everyone is working on the improvement and health of the organization. It works by identifying and communicating missions, goals, processes, relationships, interactions, infrastructure, projects, schedules, and budgets on-line, in a single interface everyone uses. In a word, an intranet can represent the organization's "intelligence". The purpose of this intelligence is to organize each individual's desktop with minimal cost, time and effort to be more productive, more cost-efficient, more timely, and more competitive.


A. INTRANET BENEFITS AND USAGE


The intranet is the set of WAN/LAN, client/server, PC, and UNIX computers that could be used in the MFA to do the work, improve efficiency, and communicate with others. Because of the universal "open standard" offered by HTML and web technology, an intranet system permits offices and employees with different hardware systems to use the same network. In this way, a diplomat using a PC in the Central Office and another employee using a Macintosh in an embassy office could use the same intranet system without the need to purchase new and identical computers. With the intranet, MFA employees will have access to all the information, applications, data, knowledge, processes, etc. available in the same window, or the same browser.
To understand the true power of web technology, we need to stop thinking about it as strictly an Internet tool and start evaluating it on its own rather impressive merits. Today web technology already offers:

• Inexpensive client and server software.
• An intuitive, document-based GUI (reads like a book, a menu, or a guided tour with full-color in-line graphics).
• Requires no training (just point and click on interesting topics).
• Retrieves virtually any document type on-line (by reading document extensions and spawning external viewers when necessary).
• Supports multimedia (by retrieving and playing sounds, video, and other multimedia objects).
• Supports embedded hypertext links to local or remote documents.
• Supports hypertext areas within graphics (e.g., customized push buttons and clickable maps).
• Supports compound documents and reusable images (the newest trend in document architecture).
• Supports SQL queries or other interactive retrieval, display, and updating of database information.
• Supports corporate-wide standardization of on-line interfaces.
• Supports retrieval and display of reports generated by external applications.
• Supports on-line forms, data entry and other two-way interactive communication between users and computers.
• Supports e-mail applications.
• Supports the automatic spawning of shell scripts, batch files, or operating system commands (a capability that must be tightly restricted: server-side command execution driven by user input is a classic avenue for injection attacks).
• Capable of spawning remote (telnet or 3270) sessions and running remote applications for display on the local screen.
• Supports automatic downloading or transfer of computer files at the click of a button.
• Supports user authentication and encryption schemes.
• Supports on-line real-time commercial transactions.
• Automatically provides feedback on system usage.
• Supports Internet services like Gopher, Archie, and Veronica, even on local networks.
• Supports a wide variety of search engines, with rank-ordered, clickable, automatically hyperlinked search results.
• Supports centralized or decentralized document management philosophies.
• Allows "democratization" of document publishing and organization-wide distribution of documentation responsibilities.
• Supports on-demand printing of desired documents on local or remote printers.
• Non-proprietary, platform-independent, open document architecture based on ISO standards.
• Client-server architecture.
• Consistent viewing on any resolution monitor (user can adjust fonts locally for better viewing).
• Works equally well on standalone computers, local area networks (LANs), wide area networks (WANs), or the global Internet.
• Works on all major desktop-computing platforms (UNIX, Mac, PC, etc.).
• Integrated into popular computer operating environments (e.g., Windows NT, Mac, and Windows 95).
• Works in any commercial network environment supporting TCP/IP [5].


As we can see, tools like Mosaic, Netscape, and Internet Explorer will become the document-based equivalent of the telephone in the 21st century.


1. Organizational Focus


The intranet provides an opportunity to define the MFA as an organization and display it for every employee to see. If everyone knows what the Ministry stands for, what the organization's strategic vision is, what the governmental guiding principles are, and who the allies and opponents are, then they can focus more clearly on their own contributions to the organization. Every directorate can constantly refer to the central messages and develop its own supporting sites accordingly. The Web can thus be used as an information, communications, and project-management tool across the Ministry.
2. Intranet as a Tool


We can think of an intranet as a high-tech instrument providing a set of tools for almost every function within the organization. For successful operation in the future, the MFA of Ukraine must rely on information, knowledge, and intelligence to create high-quality services for the country. Information is power. In the past, it was always difficult to get access to it: either we could not get reliable information, or we could not get it on time. Now, information is managed directly at the desktop with no particular worry about platform or software compatibility.

With an intranet, any user, at any level, can publish information. This makes information reliable because it comes from the source, provided that publishers are authenticated so readers can trust that a page really originates where it claims. The individual can serve information that can be read in any browser, and make it linkable to any other server. This linkage creates process flow within the organization, and we can secure and share information in the best way we see fit. With intranets, everyone in the Ministry can access information, knowledge and organizational intelligence and arrange it in any way that improves business models.


3. Intranet Uses 


Intranets can be used for many different functions within an organization. Applications that the Ministry and embassies have been using for years are finding their way to the Intranet. Uses include executive decision support systems (DSS), consular and visa support systems, financial systems, online analytical processing (OLAP) applications, personal productivity applications, document management systems, and resident and non-resident support and help desk applications. The list just goes on and on.


4. A Decision-Making Tool 


The intranet may link together all of the information in the MFA. The information can be either pre-determined, or we can use interactive forms or report writers to prune and graft information to help diplomats analyze political trends or other countries' behavior. The Ministry can share results with other government organizations, embassies, clients and partners, and modify political decisions accordingly. Templates and a common look and feel come included. With a sophisticated web-searching tool, diplomats need not sift through long pages of information to get what they want. They can just key in a few keywords, and the necessary information will be served to them like a meal. Such a system may be useful for government delegations that work away from an embassy. Using the Internet as an access medium, they can get informational support in real time from any source, internal or external.


5. Learning Organization Tool 


When information can be pulled instantly, decision-makers are able to analyze political processes, economic opportunities, and national goals much faster. It follows that more employees can become decision-makers. International treaties and agreements may be managed more efficiently. Communication is opened up to include anyone related to any part of the work. International requirements and laws are documented and adhered to. Development occurs in a shared electronic development space, rather than between meetings, telephone calls, and individual schedules. The organization that shares information learns together, improves together, and creates a more intelligent structure and behavior.


6. A Complete Communication Tool 


Integrating all of the Ministry's communications, all departmental communications, all group communications, and all individual communications into one place provides up-to-date, quality, instant information to anyone in the organization, whenever and wherever it is wanted. From one single place everyone in the Ministry could easily get any information from the executives, human resources, politics, international organizations, science, economy, finance, operations, and facilities. All the hundreds of laws (national and international), documents, press releases, notes, software, and training materials become accessible on-line. These resources will be available to everyone 24 hours a day. Diplomats can communicate with anyone who produces this information, improving its presentation or content while knowing where the information came from, when it was generated and how it relates to other information. Employees can send and receive secure e-mail messages and documents on the Intranet. By using the Intranet, document transfer and e-mail messaging are not exposed to the general Internet community. Keeping this traffic off the public Internet is necessary but not sufficient for confidentiality: the internal network itself must still be access-controlled and the messages encrypted and authenticated, which is why a secure messaging system is treated separately in Chapter VI. With those controls in place, these secure and confidential communications are yet another aspect of an intranet that provides innumerable benefits to the users and the organization alike. By using a Virtual Private Network, diplomats can extend the intranet across the globe. The Ministry can use Voice over IP technology and save a great deal of money, especially on international telephone calls. The Intranet is a powerful communication tool.


7. Collaboration Tool


Productivity will improve significantly when an easy-to-use, easy-to-learn, powerful tool for collaborating, project management, data collection, and managing knowledge and information is handed to everyone in a networked Ministry. This tool empowers people to put their best foot forward, proudly displaying their quality work, official messages, internal services, technical procedures, processes, and departmental goals in a place where anyone who subscribes can access them. It also encourages collaboration without wading through e-mail, playing telephone tag, or missing the chance to contribute at a meeting. It will be possible to organize forums where people with common interests meet and hash out issues until the best possible solution is achieved. Then, we can add audio and video conferencing, electronic whiteboards, and single-document sharing -- giving us a collaborative tool, the Intranet.


8. Expert’s Tool 


With an intranet, any diplomat or specialist may be linked to real-time, on-line web sites that provide support by experts. They can share documents, archives, rules, problems, analysis, and bottom-line information about any topic, and get important information from those who know best and have spent innumerable hours researching, thinking, and putting ideas into action.
9. Invention Tool

Any employee can find information when needed and cut and paste it into documents, presentations, messages, or reports. People will save a lot of time by not reinventing the wheel. Instead of information stored in filing cabinets, desks, garbage cans, and huge piles on desks, information is available on-line for re-use by anyone working on similar topics. Everyone in the organization can state the same official opinion and position!
10. Telephone of the next Century 


The intranet is a tool that has already become a utility in many companies, much like the telephone. Using it, we are empowered to accelerate life cycles, to focus on expert information, to improve services, and to get hold of anyone in the organization. The Intranet will allow individuals to create their own web pages, group sites and departmental sites, and to rule a knowledge environment in which individuals within the organization know who they are talking to, what they represent, and how they fit into the organization. The level of interaction becomes more intelligent and more streamlined to government goals and national missions.
11. Intranet Cost Savings Benefits 


One of the most obvious benefits of an intranet is actual bottom-line money savings. An organization using an intranet system can realize both hard and soft savings:

• Reduced costs - printing, paper, software distribution, mailing, order processing;
• Reduced telephone support expenses;
• Easier and faster access to official government and technical information;
• Easier, faster access for remote locations;
• More thorough research base;
• Easier access to colleagues' data/research efforts;
• Increase in accuracy and timeliness of information;
• One consistent interface to learn and use;
• Available information is visible;
• Reduced information searching time;
• Reduced setup and update time;
• Reduced documentation costs;
• Reduced support costs;
• Reduced redundant page creation and maintenance;
• Faster, cheaper information creation.

When we consider the intangible factors of these costs, particularly the cost of paying employees to perform tasks which can be eliminated or substantially reduced, it is easy to see the soft cost savings value of an intranet as well.


12. Intranet Challenges 


Intranet technology has not only benefits, but also challenges. Potential challenges:

• User education and training;
• Possibly on multiple platforms;
• Security;
• Bandwidth;
• Scalability;
• Manageability;
• Measurement of paybacks;
• Getting and keeping skilled Webmasters and information designers;
• Ongoing maintenance.


13. Intranet vs. GroupWare 


Another software solution that can meet Information Infrastructure goals is 
GroupWare system like Lotus Notes, Microsoft Exchange and Novel GroupWise. The 
bottom line difference between a WWW server and "collaborative" computing solutions 
such as Lotus Notes 1s design philosophy. Designed as a proprietary system in an era 
lacking widespread connectivity, Lotus Notes uses a proprietary database structure that 
replicates data and does not provide quick access to the remote databases. A WWW 
server, however, was designed to take advantage of the Internet's worldwide computer 
network; it eliminates the need to replicate databases by providing users with easy access 
to source data. 

Another important difference is that a single WWW server platform can support 
internal and external applications for both internal and external information sharing on 
the Internet. Lotus Notes, on the other hand, is mostly an internal application. 

Since the intranet takes advantage of WWW open-standard technology, it offers a 
great starting point for the Ministry to disseminate information within the organization 
efficiently and cost-effectively. Initial WWW startup costs and commitments are very 
low, with a minimal initial investment or training. For example, an investment of less 
than $1K is estimated for site development (cf. multiple $10K commitment for Notes), a 
dedicated infrastructure or staff is not required, and it is extremely easy to migrate 
existing content to HTML. 

According to a recent research study, the average corporate investment in a Lotus 
Notes implementation is $245,000, with an average payback period of more than two 
years. Eighty percent of the respondents to this study targeted a single application. 
WWW applications can be fully developed and deployed for $10K or less. (Source: 
International Data Corporation). 

The WWW enables users to centralize their information resources in a single 
point-and-click environment -- the browser -- which is available on a variety of client 
platforms (PC, Mac, Unix, etc). 

The use of client browsers with one standard Window interface offers easy 
integration with other applications, such as electronic mail, faxes, calendaring, 
videoconferencing, and hot links within messages. As a single interface to a variety of 
information sources, the browser is cost-effective, highly efficient, and very easy to use. 

While commercial browsers are available as fully functional freeware, the price 
for Lotus Notes Express is $100 per user, with the full Notes client priced at $155. 

Unlike the highly technical Notes environment, the WWW server can also be 
easily managed by "content creators" rather than IS professionals. The WWW point-and-
click environment allows non-technical directorates like Consular or Political Analysis 
and Planning -- rather than the Computer Center -- to manage, contribute and update 
WWW content. This shift of responsibility helps reduce development costs, and 
enhances productivity by enabling the technical support staff to focus efforts on running 
the computer systems instead of maintaining server content. 

It is less expensive to develop content for the web than for Notes. A wide variety 
of third-party content tools are available for WWW server development, while for 
Notes the few content development tools available are those Lotus provides. Since familiar 
tools, such as Microsoft Word, can generate HTML code, support staff rather than high-level 
technical experts can easily create WWW content. 

Content can be easily accessed by browsers on any platform, in any location. 
Unlike with Notes, data distribution is in real-time, on an as-requested basis, over a 
public (or private) network. 

A WWW server can be easily integrated into an existing environment. For 
example, Cold Fusion or Visual Café Pro can easily connect the web browser to any 
ODBC-compliant databases to access a variety of external, pre-existing data sources. 

Authorized employees can easily access the WWW server remotely, after being 
authenticated, and download only the specific information required. This reduces 
expensive line charges ($1.5-$2 per minute, in the case of a direct international telephone 
call). For embassies with existing connections to the Internet, the incremental cost is 
virtually zero. 

The WWW can be adapted easily to multi-media applications. For example, 
video is an easy extension to the basic WWW platform, while video for Notes is an 
expensive one-way (no conferencing) proposition ($2,700 for the server license + $120 
per client). On the WWW, using publicly available free or inexpensive utilities (Net 
Meeting, Internet Phone, etc), the MFA can deploy bi-directional desktop 
videoconferencing relatively inexpensively. 

In sum, startup, training, ongoing management, and updating of web applications 
cost significantly less than that for the Notes installation. WWW applications broaden 
the reach of a "team" application to more than an enlightened highly technical few. 

In current conditions with limited money and IS professionals, MFA does not 
specifically require "collaborative" GroupWare applications, but instead needs an easy, 
effective, fast, and inexpensive way to share information for an effective business. 

The benefits offered by the intranet include cost savings, minimal training, single 
source of data, links to outside data sources, and easy management and delivery of 
information. When we weigh these advantages, we can see that, for the Ministry of 
Foreign Affairs of Ukraine, they far outweigh the benefits of the information-handling 
capabilities of collaborative GroupWare tools such as Lotus Notes. 


B. SUMMARY 


To summarize, the intranet may be the future of the MFA Information Infrastructure. 
All future computer applications will be built and delivered on this universal foundation. 
The intranet is already functioning in thousands of different organizations around 
the world. Therefore, it can be used as an information superhighway for employees who 
want to publish and distribute data and documents instantly across the Ministry. 
An intranet is a relatively easy add-on to existing TCP/IP networks. Much of the 
software is available initially as freeware or shareware. 
IV. INTRANET IMPLEMENTATION 


There are two main areas for intranet implementation — organizational and 
technical. In this document, we will discuss only the technical aspect of this problem. 


A. CHOOSING A SERVER PLATFORM 


Creating an internal web site is a low-cost, minimal risk investment. It is easy to 
implement, with little training or equipment required. The basic system configuration 
consists of a server hardware platform / operating system and WWW server software. In 
our case, the main part of the investment must be in the creation of the LAN and client 
PC installation. The LAN deployment problem has well-known solutions, and any 
modern technology like ATM or Fast Ethernet can be suitable for this task. For our 
purpose, we will assume that MFA already has client PCs in place. 

As a server platform, the requirement is server hardware with sufficient memory 
and disk space to run Windows NT, Windows 95, and/or a UNIX system platform, 
depending on our preference and in-house expertise. 

Several factors will come into play when deciding which platform we should use 
to build the MFA intranet. Several major areas should guide us in the decision making: 

• Existing infrastructure; 
• Personnel skills; 
• Ease of administration; 
• Price; 
• Scalability; 
• Security; 
• Support. 

Chapter II shows that most computers in the Ministry are PCs with MS Windows. 
It is very unlikely that in the future the Ministry will deploy UNIX computers for 
everyday work like word processing, web browsing and so on. Similarly, we probably 
would not want to install a UNIX box in an exclusively Windows environment. The 
current IS personnel cannot provide a sufficient level of UNIX administration and support. 

System administration is a big part of maintaining an intranet. Administrators are 
responsible for such things as adding new users, installing applications, maintaining 
security, and seeing to it that the intranet is kept up and running. In this area, NT wins 
easily. NT combines an intuitive GUI with powerful tools in an easy-to-use point-and-
click environment. Installing new software on NT usually involves running a single setup 
program that guides the administrator through the setup process. UNIX, on the other 
hand, could be more difficult for the administrator (especially for those who are new to 
UNIX). Although some versions of UNIX have a GUI, most administration is done from 
the command line, making it difficult to visualize the process. However, one of the 
advantages of the command line is ease of remote (over network) administration. Remote 
administration of NT computers requires special software. Setting up software applications 
on UNIX can also be a real problem. 

Another factor is cost. Because NT is relatively inexpensive, it stands to gain a 
larger market share than do more expensive UNIX operating systems.² Similarly, NT is 
designed to run on inexpensive PC platforms, while the majority of UNIX OS's are 
designed to run on larger and more expensive workstations and mainframes. Cost may 
not be an issue for larger firms like Sun and IBM, but for the MFA of Ukraine, the 
differences are important. 

² However, some UNIX versions are free (Linux, FreeBSD) and can run free web server programs such as 
Apache, AOLServer and others (see Appendix A). 

Actually, in some cases UNIX has advantages, and some experts prefer UNIX-
based systems. It offers a variety of vendors (no threat of a monopoly), scalability, remote 
administration, remote computing, multi-user capabilities, a large palette of software 
resources (especially for servers), vendor-independent standards (POSIX), control of 
users' disk usage (unlike NT 4), and cannot be crashed by viruses written 10 years ago for 
DOS computers [7]. Even so, NT seems to be a better solution for the MFA of Ukraine 
because we need to keep uniformity among OS's on servers. Otherwise administration 
costs and problems will be much higher. 

An increasing number of organizations (for example, the US Navy with its IT21 
program) are opting for Windows NT in their development plans today, because of its open 
architecture and ease of use. 


B. CHOOSING A WWW SERVER 


WWW servers provide an efficient, single-point source of information. Pointers 
to information can be preloaded into client PC or Macintosh browsers, with links 
programmed into the documentation. High-level subject lines -- Political, Consular 
Support, Protocol Information and others -- provide an easy-to-use roadmap to further 
detailed information. Web server software facilitates management of internal WWW 
presence on the intranet. The right WWW server software solution will give us the 
functionality required to set up and manage Home Pages, develop WWW content based 
on Hypertext Markup Language (HTML), perform text searches, and integrate with 
internal corporate databases or BackOffice applications. 

On the client side, each user who plans to access the internal WWW site will need 
a 486 or Pentium-PC (or notebook) with a minimum of 8MB memory to run client 
browser. Nowadays the best client browsers are free and can launch a variety of 
applications, access disparate databases, retrieve information from across the Internet, etc. 

WWW content software is also required to generate HTML code so users can add 
HTML tags to convert their current documents into WWW documents. It is very easy to 
develop content for the web using MS Office 97 software or one of the many 
inexpensive, third-party HTML authoring tools and editors. Depending on real 
organizational requirements, we can also take advantage of numerous other commercial 
tools that are also available, including text retrieval/indexing software, links to database 
management systems, and server configuration or management tools. 

Since the WWW server serves as the cornerstone for managing the WWW site, it 
is important to determine the type of functionality required. The following questions 
provide guidelines for making the right choice: 

• Are there special resource or configuration requirements? 

• Who will be installing the WWW server? How important is easy installation? 

• What type of search engine and text retrieval is supported? 

• What Internet proxy support (e.g. HTTP, GOPHER, FTP) will MFA need? 
Does the WWW server support these protocols? 

• Will multiple Home Pages be installed on the same server? If so, how easy is 
it to manage and administer? Is remote administration a requirement? 

• Are HTML tools supported for application development? 

• Who will be responsible for managing the content? Will this be someone 
technical or non-technical? 

• What kind of database will support MFA employees' access to organizational 
databases? 

• What are the security requirements? For example, will it be necessary to protect 
highly confidential information and restrict access to certain workgroups? If 
so, what types of access controls can the WWW servers define? 

• What type of training, documentation, and ongoing support is available? 

An appropriate Web server must satisfy the following requirements: 
• Runs on Windows NT, 
• Can write to multiple logs, 
• Supports virtual servers, 
• Comes with an SNMP agent, 
• Supports SSL v. 3, 
• Integrated certificate server, 
• Can require a password (user authorization), 
• Remote maintenance, 
• Includes full source code for the server, 
• Has a search engine. 
According to "WebServer Compare", which is a service of internet.com [8], 
there are five matches: 
• Apache 1.3 by The Apache Group, 
• Internet Information Server 4.0 by Microsoft Corp., 
• Lotus Domino Go Webserver 4.6.1 by IBM, 
• Netscape Enterprise Server 3.5.1 by Netscape Communications Corp., 
• Oracle Web Application Server 3.01 by Oracle Corp. 
The Netcraft Web Server Survey [9] surveys Web server software usage on 
Internet-connected computers. The most popular Web servers are Apache and 
Microsoft IIS. The December 1998 survey received responses from 3,689,227 sites. 


(see Figure 4 and Figure 5) 

Figure 5. Growth in Internet Web Sites August 1995 - December 1998 


It will be feasible to choose Internet Information Server v.4 from Microsoft or 
Apache from the Apache Group as primary candidates for Web server software. 

Based on in-depth reviews and Web server analyses made by Mecklermedia 
Corporation [10], we can compare the ratings of these software products (rating range 
from one to five, one means bad, two -- better, etc.). (Table 3.) 

Table 3. Web Servers ratings 


Ease of use 5 4 


These ratings and the detailed comparison of the features (Appendix A) show that 
Apache has more advantages; its market dominance is not a mistake. High reliability and 
performance make Apache the number one candidate for deployment as the server 
platform. 
V. VIRTUAL PRIVATE NETWORK OVERVIEW 


A. VPN TECHNOLOGY OVERVIEW 


The Internet is an almost ideal medium for information retrieval and exchange 
between MFA offices around the world. It is cost-effective, easy to use and accessible in 
every capital city of the world. The Internet is a shared medium, to which millions of users 
are connected, and there are very few regulations on how it is to be used. Moreover, just 
as these traits make the Internet an attractive method for honest activity, so too do they 
make it a very efficient medium for devious tasks such as data tampering, eavesdropping 
and theft. 

The widespread hacks have generated a demand for turn-key solutions capable of 
providing secure Virtual Private Networks: cost-effective multi-site networks built on 
public backbones. The IT community has responded, and the results are emerging VPN 
technologies that incorporate network encryption, access control, certification and 
network management. 

Not surprisingly, secure VPNs represent one of the hottest areas of the 
international networking market. Spending on VPN products, systems integration and 
ISP services is projected to grow from an estimated $205 million in 1997 to $11 billion in 
2001, according to a 1997 report by San Jose, Calif.-based Infonetics Research, Inc. 
[11]. 

VPN systems enable distributed private networks to communicate securely with 
each other over untrusted, public networks. They encrypt transmitted information with 
complicated algorithms to hide sensitive data from unauthorized access. The general 
process is as follows: 

1. A protected host sends clear traffic to a VPN kit (the source device) located at the 
point of connection to the public network. 

2. The source device examines the data according to rules specified by the network 
manager, securing the information or allowing it to pass unaffected. 

3. When data protection is required, the source device encrypts (encodes) and 
authenticates (attaches a digital signature to) the whole packet, including the 
transmitted data as well as the source and destination host IP addresses. 

4. The source device then attaches a new header to the data, including the information 
that the destination device requires for security functions and process initialization. 
The source VPN kit then encapsulates the encrypted and authenticated packet with the 
source and destination IP addresses of the destination device, or devices. This results 
in a virtual tunnel through the public network. 

5. When the data reaches the destination device, it is decapsulated, its digital signature is 
checked and the packet is decrypted. 


The result of the tunneling process is the scrambling of transmitted information to 
make it legible only to its intended recipient. Creating a secure VPN usually requires 
devices capable of performing the different scrambling tasks as well as guidelines that 
determine what communications traffic is encrypted and what is not. In order to address 
these issues, secure VPNs work according to predefined rules and operate automatically 
and transparently to the user. Employees residing in the VPN work normally. They can 
go on line, send email to other diplomats and specialists or download documents, and the 
VPN determines which of their tasks are to be conducted secured and which should 
continue in the clear. Full privacy is maintained, communications costs are reduced, and 
efficiency and employee output remain unchanged. 
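The tunneling steps described above, as an added illustration that is not part of the original thesis: two hypothetical gateways encapsulate and decapsulate a toy IP packet in Python, encrypting and signing the whole inner packet (host addresses included) and exposing only the gateway addresses in the outer header. A SHA-256 counter-mode keystream stands in for the VPN kit's cipher and HMAC-SHA256 for its digital signature; all names, addresses and the packet format are constructed.

```python
"""Layer-three tunnelling between two VPN kits, as an added illustration of the
process in the text (not the Ministry's or any vendor's code). The whole inner
packet, its host addresses included, is encrypted and signed; the outer header
carries only the gateway addresses. Stand-ins: a SHA-256 counter-mode keystream
for the cipher and HMAC-SHA256 for the signature. All names are constructed."""
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 12, 32
OUTER_LEN = 4 + 4 + NONCE_LEN + 2          # src gw, dst gw, nonce, ciphertext length


def ip4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def derive_keys(shared_secret: bytes):
    """Separate encryption and signing keys from the gateways' shared secret."""
    return (hashlib.sha256(b"enc" + shared_secret).digest(),
            hashlib.sha256(b"mac" + shared_secret).digest())


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: keystream block i = SHA256(key || nonce || i). Its own inverse."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
        out.extend(a ^ b for a, b in zip(data[32 * i:32 * i + 32], block))
    return bytes(out)


def build_inner_packet(src_host: str, dst_host: str, payload: bytes) -> bytes:
    """Toy clear-text 'IP packet' sent by a protected host: src, dst, length, payload."""
    return ip4(src_host) + ip4(dst_host) + struct.pack(">H", len(payload)) + payload


def parse_inner_packet(pkt: bytes):
    src = ".".join(str(b) for b in pkt[:4])
    dst = ".".join(str(b) for b in pkt[4:8])
    (length,) = struct.unpack(">H", pkt[8:10])
    return src, dst, pkt[10:10 + length]


def encapsulate(inner: bytes, src_gw: str, dst_gw: str, secret: bytes) -> bytes:
    """Source VPN kit: encrypt and sign the whole inner packet, then prepend a
    new header that names only the two gateways (the virtual tunnel endpoints)."""
    enc_key, mac_key = derive_keys(secret)
    nonce = os.urandom(NONCE_LEN)            # fresh per packet; never reused under one key
    ciphertext = keystream_xor(enc_key, nonce, inner)
    outer = ip4(src_gw) + ip4(dst_gw) + nonce + struct.pack(">H", len(ciphertext))
    tag = hmac.new(mac_key, outer + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return outer + ciphertext + tag


def decapsulate(tunnel_pkt: bytes, secret: bytes) -> bytes:
    """Destination VPN kit: verify the signature before decrypting. A modified,
    truncated or foreign packet is dropped, never decrypted."""
    enc_key, mac_key = derive_keys(secret)
    if len(tunnel_pkt) < OUTER_LEN + TAG_LEN:
        raise ValueError("truncated tunnel packet")
    outer, body = tunnel_pkt[:OUTER_LEN], tunnel_pkt[OUTER_LEN:]
    ciphertext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(mac_key, outer + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature check failed: packet dropped")
    nonce = outer[8:8 + NONCE_LEN]
    return keystream_xor(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    secret = b"constructed shared secret of the two gateways"
    inner = build_inner_packet("10.1.0.5", "10.2.0.9", b"cable from Kyiv")
    pkt = encapsulate(inner, "203.0.113.1", "198.51.100.1", secret)
    print("on the wire:", pkt.hex())
    print("recovered:", parse_inner_packet(decapsulate(pkt, secret)))
```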

For MFA, there are a number of options in setting up a VPN. We can choose 
between software add-ons to routers, software firewalls with encryption patches, software 
VPN systems, or dedicated hardware VPNs. (Appendix B and C) 


1. Encryption 


Encryption is the starting point of any VPN solution. One of the essential 
differentiators between effective and ineffective VPNs is the use of well-established 
encryption algorithms and strong encryption keys. Several techniques are suitable, 
although the symmetric GOST 28147-89 (for former Soviet Union countries) or 
DES/3XDES (for the USA) algorithms are mostly used for payload encryption, while the 
asymmetric (also known as Public Key) RSA and Diffie-Hellman algorithms are popular 
for key exchange. The above-mentioned algorithms are well known and tested, and 
libraries of information have been devoted to their reliability and efficacy. 

Encryption is a difficult process, and when dealing with the quantities of 
information transferred across modern networks, CPUs can be confronted with staggering 
workloads. It is not surprising, therefore, that the secure VPN market is heading towards 
dedicated hardware solutions over their software equivalents. 
Hardware focused on security-only functions is better able to cope with the 
strains involved in encryption and authentication and, as a result, can provide powerful 
security features without significantly affecting network performance. 


2. Key Generation and Management 


Since encryption algorithms are well known, the strength of the encryption 
process comes down to the key used in encrypting and deciphering transmitted data — the 
well-kept secret shared by the component machines of the VPN — and the protocol used 
in the key management process. 

The security of the VPN's encryption methodology is a combination of the 
following factors: 

1. Key length: In general, the longer the key, the tougher to break. Today, a key 
length of less than 56 bits (when using the DES algorithm) is considered 
insecure. 

2. Key exchange mechanism: As mentioned above, keys are the common secret 
upon which the whole encryption process strength is based. Key exchange, 
therefore, should be based on well-established algorithms (e.g., Diffie-
Hellman for encryption and RSA for signature) as specified in strong key 
management standards. Today, the IKE protocol (rather than Simple Key 
Management for Internet Protocol, or SKIP) is the preferred method. The 
primary advantage of IKE over SKIP is the former's ability to negotiate with a 
number of different encryption keys. This prevents unrecognized messages 
from being sent outside protocol guidelines, thus providing greater robustness 
and enhanced security. In addition to standard methods, MFA has the privilege 
of using diplomatic mail for key distribution with a high level of security. 
Recordable CDs with a capacity of 650 MB of data (or DVD-RAM) can be 
used even for the implementation of a one-time pad protocol. 

3. Rate of key exchange: As a rule, the more frequently a key is automatically 
exchanged, the more secure the encrypted data. VPN solutions which use 
manual (by diplomatic mail) key exchange could be insecure, as users may not 
always remember to change keys or may choose not to bother with the often 
cumbersome manual key exchange process. Similarly, a key exchange only at 
the end of a session is unreliable, as large amounts of data can be accessed if 
the key is compromised. 

4. Key generation: In principle, the use of truly random keys ensures the highest 
levels of security. With real random numbers as the basis for encryption keys, 
it is impossible to know or predict the structure of past or future keys. The 
best method of key generation is hardware (usually, a noise diode). Software-
based key generation, in contrast, uses known algorithms, which, given enough 
time and money, can be cracked. 
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3. Certification 


Certification is the registration and identification of VPN components. It requires 
establishing well-defined secrets between a centrally controlled Certification Authority 
and any VPN device. A poorly designed and implemented certification process, such as a 
password, may result in an "easy to join" VPN to which unwanted entities may connect as 
members. 

The first step in adding new gateways to the VPN involves the transfer of secret 
information in a simple yet secure way (diplomatic mail). This process must be carried 
out with extreme caution, as no encryption system has been established yet. The use of 
secured hardware tokens is recommended for this preliminary certification phase, as they 
provide a secure means of loading the security information, off line, into the new 
gateway. 

Once the transfer of the initial secret is complete, the rest of the certification 
process, as well as the distribution of the new certificate to all existing VPN gateways, 
should be done secretly and quickly in order to allow for the fastest possible set-up and 
operation. It is necessary, therefore, to employ a fully automatic and secure (encrypted 
and signed) certification process. VPN solutions which send the initial secret as an 
unprotected message over untrusted networks are ineffective and not secure, and those which 
involve the manual input of new units into an existing database involve significant costs 
when expanding the VPN. 
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4. Tunneling 


Tunneling is the encapsulation and encryption of entire transmitted packets. An 
effective tunneling mechanism hides the networking data in addition to the application 
and payload layers, i.e. from layer three and above (referring to the OSI model). A VPN 
solution which only encrypts the payload is not sufficiently secure, as a multitude of 
information can be obtained by analyzing networking parameters. 

Layer three tunneling is also advantageous from a scalability standpoint. As IP's 
dominance continues to strengthen, the need to protect all varieties of 
IP applications over IP backbones will grow. Layer three encryption is application and network 
independent. It can be applied to any form of routable communications (voice, video, and 
data), thus providing an effective scalability pathway. 


5. Interoperability 


The emerging Internet Protocol Security (IPSec) standard [12], as created by the 
Internet Engineering Task Force (IETF), is becoming the international standard for virtual 
private networking. With IKE key management at its base, IPSec has created a secure 
means for interoperable security. It guarantees that encrypted information is protected on 
its way from one network to another, while also allowing partner organizations to link 
their respective VPNs together, even if their encryption systems were manufactured by 
different vendors. VPN solutions that are not IPSec-compliant (i.e. not interoperable with 
the industry standard) will prove more expensive in the long run and will limit a 
government VPN's growth potential. 


6. Access Control 


Encryption without effective and efficient access control (i.e., "firewalling") is but 
half the VPN technology, for Internet-based VPNs require defense mechanisms against 
those who would seek to hack their way into the networks from the Internet. Two issues 
of primary importance in evaluating the strength of firewall features are the operating 
system on which the system runs and the methodology used: 

1. Operating system: Software-based solutions are built on well-known operating 
systems, such as UNIX and NT. Hacking methods for targeting bugs and security 
holes in these operating systems are readily available on the Internet. Hardware-based 
solutions, in contrast, employ real-time, hardened operating systems that do not fall 
victim to popular hacking methods. The strength of the hardware VPN's OS 
translates into better security throughout the network. 

2. Methodology: The effectiveness of a firewall is linked directly to the scope of its 
inspection technique. Access control systems must be able to analyze all levels of 
incoming and outgoing data, including the content payload itself. Content analysis 
gives the ability to look inside data flowing through the VPN system. It can weed out 
commands from sessions, such as FTP "get" or "put" instructions, thereby providing 
limited access to areas of a VPN but preventing attempts to alter stored information. 
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7. Performance 


Effective VPN solutions must be able to operate at true wire speeds. Those that 
do not will form a bottleneck in the communications environment and will prevent the 
transfer of information. The performance issue becomes even more crucial when more 
complex encryption algorithms are used (e.g., Triple DES). Hardware-based solutions, 
which are fully dedicated to the task of generating and processing encryption algorithms, 
are better suited to coping with longer encryption algorithms, and therefore provide a 
communications infrastructure better able to adapt to the needs of the future. 


8. Network Reliability and Management 


A VPN is a networking solution. As such the basic requirements of other 
networking media must be met by a VPN. 

1. No single point of failure: This important characteristic is achieved through the 
incorporation of automatic backup gateways (redundancy) into a VPN. Mission-
critical networking applications require redundancy options for worst-case scenario 
planning. The recent failure of an MFA communication computer and its impact on 
information flow clearly demonstrated that the unthinkable could and will take place. 
In order to protect a VPN from the potentially disastrous effects of an office fire, for 
example, it is important to include "hot backup" topologies within the network 
architecture. In addition, VPN devices must be configurable to distribute security 
functions throughout the network. Centralized session or key distribution authorities 
are incompatible with mission-critical communications. 

2. Network management: The over-riding concept behind VPN communications is the 
use of security technologies to increase connectivity. Capable security features in 
themselves, however, do not make an effective VPN. Indeed, powerful control 
capabilities are of primary importance in VPN communications, as wide area 
networking is at best a complicated endeavor. A VPN must include management 
methods that allow for centralized and regional control over the security devices (and 
the other networking components) within the network. 

3. Management security: A VPN's management traffic is the most sensitive data 
flowing in the network. It includes policy table updates, security auditing and logging 
data, key exchange definitions (elapsed time or bytes sent), and encryption and 
authentication methodologies. In order to maintain the confidentiality of such 
information, it is important to secure it with no less than the same technologies used 
for the other forms of VPN traffic. Better still, however, would be to provide a 
dedicated encryption plus firewall device for the central management station. Such a 
precaution not only secures management traffic as it traverses the public network, but 
it also builds a wall between the VPN master manager and personnel residing in his 
own local network who might seek to undermine the security of the VPN. 

We can collate the above user needs with real VPN products (Appendix B, C). Such 
products must be built on dedicated hardware platforms, and deliver advanced security features in 
tamper-proof and easily managed solutions. VPN products must provide IPSec network 
encryption, integrated firewall functions, redundant back-up tunneling, advanced dynamic 
key management, network address translation (NAT), automatic network topology 
learning and IPSec-encrypted VPN management traffic. Designed for both large (MFA 
Central Office) and small (embassy) scale environments, implemented VPNs must come 
with user-friendly management systems that provide simple and secure pathways (with 
IPSec encryption and dedicated firewall support) for centralized and regional network 
management. 

As the VPN market begins to mature, we are confident that this demand will be 
met by the manufacturers. Ukraine also has companies like "Almaz" that produce 
appropriate hardware solutions for VPNs using GOST 28147-89 as the encryption 
technique. 


9. Government Standard of the USSR and Russia GOST 28147-89 


The Government Standard of the USSR 28147-89 [13], cryptographic protection 
for data protection systems, appears to have played a role in Ukraine similar to that 
played by the U.S. Data Encryption Standard (FIPS 46). When issued, it bore the 
minimal classification "For Official Use", but is now said to be widely available in the 
Former Soviet Union and elsewhere. In apparent contrast to DES's explicit limitation to 
unclassified information, the introduction to GOST 28147-89 contains the remark that the 
cryptographic transformation algorithm "does not place any limitations on the secrecy 
level of the protected information." 

The algorithms are similar in that both operate on 64-bit blocks by successively 
modifying half of the bits with a function of the other half. Beyond that, the similarity 
declines and several differences are visible. 
• The Soviet system has 32 rounds compared to the 16 of DES. 

• Each round is somewhat simpler than a round of DES. In the f function, 32 bits 
of text are added modulo 2^32 to 32 bits of key, transformed by a block of eight 
4-bit-to-4-bit S-boxes and rotated 11 bits to the left. 

• In contrast to DES's meager 56 bits of key, GOST 28147-89 has 256 bits of 
primary key and 512 bits of secondary key. The secondary key is the block of 
eight S-boxes, which are specific to individual networks and are not included in 
the standard. 

• In place of the complex key schedule of DES, the primary key is divided into eight 
32-bit words. For the first twenty-four rounds, these are used cyclically in 
ascending order. For the last eight, they are used in descending order. 

The standard is also somewhat broader than FIPS46. It includes output feedback 
and cipher feedback modes of operation, both limited to 64-bit blocks, and a mode for 
producing message authentication codes. 

This Standard provides strong encryption and ease of software and hardware 
implementation. The software network protection driver ensures the transparent 
modification of the IP-packets within the network with the rate of 500 Kbytes/s (Pentium 


166 processor, network rate without driver 900 Kbytes/s). [14] 
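The round structure and key schedule described above, written out as an added example. This code is not from the thesis, from the standard's text, or from any Almaz product. Because the standard does not publish S-boxes (they are the network-specific "secondary key"), the block uses the publicly documented "test parameter" S-box set so that it runs at all; the little-endian word order and the output-word convention are assumptions of this example, so it illustrates the Feistel structure, the f function and the 24-ascending/8-descending subkey order rather than reproducing any reference implementation's output bit for bit.

```python
import struct

MASK32 = 0xFFFFFFFF

# Assumption: the "test parameter" S-box set from RFC 4357, used here only so
# the example runs.  A real network would substitute its own eight S-boxes
# (the 512-bit secondary key), which the standard deliberately leaves open.
SBOX = [
    [4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3],
    [14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9],
    [5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11],
    [7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3],
    [6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2],
    [4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14],
    [13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12],
    [1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12],
]


def round_function(x, subkey):
    """The f function: add the 32-bit subkey modulo 2^32, pass each of the
    eight 4-bit nibbles through its own S-box, then rotate left by 11 bits."""
    x = (x + subkey) & MASK32
    y = 0
    for i in range(8):
        nibble = (x >> (4 * i)) & 0xF
        y |= SBOX[i][nibble] << (4 * i)
    return ((y << 11) | (y >> 21)) & MASK32


def subkey_order(decrypt=False):
    """Key schedule: the 256-bit primary key is eight 32-bit words K0..K7.
    Encryption uses K0..K7 cyclically for rounds 1-24 and K7..K0 for rounds
    25-32; decryption walks the same sequence backwards."""
    order = list(range(8)) * 3 + list(range(7, -1, -1))
    return order[::-1] if decrypt else order


def split_key(key):
    """Eight 32-bit words.  Little-endian word order is an assumption of this
    example, not something the thesis states."""
    if len(key) != 32:
        raise ValueError("GOST 28147-89 needs a 256-bit key")
    return struct.unpack("<8I", key)


def _feistel(block, key, decrypt):
    if len(block) != 8:
        raise ValueError("block size is 64 bits")
    n1, n2 = struct.unpack("<2I", block)
    subkeys = split_key(key)
    for idx in subkey_order(decrypt):
        # one round: modify one half with f() of the other half, then swap
        n1, n2 = n2 ^ round_function(n1, subkeys[idx]), n1
    # the final swap is undone, as in DES, so decryption is the same network
    return struct.pack("<2I", n2, n1)


def gost_encrypt_block(block, key):
    return _feistel(block, key, decrypt=False)


def gost_decrypt_block(block, key):
    return _feistel(block, key, decrypt=True)


if __name__ == "__main__":
    # constructed sample values, not a published test vector
    key = bytes(range(32))
    plaintext = b"\x11\x22\x33\x44\x55\x66\x77\x88"
    ciphertext = gost_encrypt_block(plaintext, key)
    assert gost_decrypt_block(ciphertext, key) == plaintext
    print(ciphertext.hex())
```

The point to take from the block is how little the per-round work is compared with DES (one modular add, eight table lookups, one rotation) and that the key schedule is nothing more than an index pattern; the security of a deployment therefore rests heavily on keeping the S-box set and the 256-bit key under control, which is why the thesis treats the S-boxes as a second key.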
VI. SECURE MESSAGING 


The major benefit of the VPN approach is that no software or knowledge is required at the 
users' desktops. All necessary traffic is encrypted and signed at the Ministry level. 
Therefore, this approach will work regardless of the e-mail and other subsystems in use in 
the MFA. 

In addition, some VPN products can perform virus checking and content 
management, to protect the organization's network from "spam" and Trojan Horses. However, 
this approach does not provide encryption to the desktop or address "person to person" 
authentication issues, and it can leave the interior of such networks open to attacks from 
the inside. 


B. MINISTRY TO INDIVIDUALS MESSAGING 


By using secure client software, the Ministry must be able to build a secure 
messaging system between offices and individuals across the Internet. The client 
software must provide message encryption using S/MIME, PGP/MIME or another similar 
protocol. That kind of product may be integrated into the leading e-mail applications as a 
"plug-in" or be a standalone program. Used in conjunction with a secure mail server, it 
must provide a secure messaging solution between the Ministry and individual users. 
Figure 6. Ministry to individual secure e-mail 


In this example, users on the Internet wishing to sign and encrypt e-mail to the 
Ministry would require the public key of the Ministry. This could be communicated 
electronically over e-mail, published on a Web server or stored in an LDAP (Lightweight 
Directory Access Protocol) directory. 

The secure mail server must be able to define policies at the user level. Therefore, 
once it has the public key of a user running the secure client, it can encrypt and sign all e-mail 
to that user. 

This architecture is ideal for an MFA that has a requirement to exchange e-mail 
securely with delegations, other governments and international organizations that do not 
have a sufficient number of users to justify the investment in a VPN, or for some other 
reason. 
C. PERSON TO PERSON MESSAGING 


The secure e-mail client can be used to provide person to person encryption and 
authentication solutions. For example, software products like PGP from Network 
Associates Inc. can be used for this purpose and provide a high level of object security. 
(See Appendix E.) That type of secure client should be deployed within the organization 
to secure e-mail for senior diplomats, managers, financial officers and other specialists, as 
well as across the Internet. The main benefits of this solution are a high security level for 
the objects (files, messages, disks, etc.), the elimination of the need to retrain users on a 
new e-mail package, and the retention of the existing e-mail infrastructure. 

Figure 7. Person to Person secure e-mail 


The example above shows two users exchanging encrypted and signed e-mail 
across the internal e-mail system, and the same users communicating over the Internet with 
someone outside the organization. In order for these users to communicate securely, they 
must first exchange certificates containing each user's public key information. These can 
be exchanged by e-mail and then authenticated by checking the checksum or hash using a 
secure method, e.g. over the telephone. 

Alternatively, users can have their certificates "certified" by a Trusted Third Party 
(TTP); this may be an internal Certificate Authority (CA) or an external organization such 
as Verisign. Using certificates authenticated by a TTP eliminates the need to establish 
trust on a "one-to-one" basis. 
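The out-of-band check described above (certificate received by e-mail, its hash read back over the telephone), as an added example that is not part of the thesis or of any PGP or S/MIME product. It assumes a PEM-armoured certificate and uses SHA-256 rather than the MD5 or SHA-1 fingerprints of the period; the certificate bytes are a constructed placeholder so the block runs offline, and the small fingerprint store at the end is an assumed design that records which correspondents have already been verified so that a later substituted certificate is flagged rather than silently accepted.

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder standing in for a DER-encoded X.509 certificate
# received by e-mail.  It is arbitrary bytes, not a real certificate.
RECEIVED_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"placeholder certificate body, not real DER").decode()
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(pem):
    """Strip the PEM armour lines and base64-decode what remains."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))


def fingerprint(der, algorithm="sha256"):
    """Hex digest of the certificate bytes, grouped in octets so that it can
    be read aloud over the telephone."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(spoken):
    """Accept what a person reads back: any separators, any letter case."""
    return re.sub(r"[^0-9A-F]", "", spoken.upper())


def fingerprint_matches(der, spoken, algorithm="sha256"):
    """Compare the locally computed fingerprint with the one confirmed over
    the secure channel.  compare_digest avoids a short-circuit comparison."""
    expected = normalise(fingerprint(der, algorithm))
    return hmac.compare_digest(expected, normalise(spoken))


class FingerprintStore:
    """Assumed design: fingerprints verified out of band, keyed by the
    correspondent's address.  A later certificate for the same address that
    does not match is reported instead of being trusted on sight."""

    def __init__(self):
        self._known = {}

    def record_verified(self, address, der):
        self._known[address.lower()] = fingerprint(der)

    def check(self, address, der):
        known = self._known.get(address.lower())
        if known is None:
            return "unknown"       # must be verified out of band first
        if hmac.compare_digest(known, fingerprint(der)):
            return "match"
        return "MISMATCH"          # possible substitution: stop and re-verify
```

The verification step is only as good as the channel used for it: the fingerprint must be confirmed with the person it belongs to, by a route an attacker who could tamper with the e-mail cannot also tamper with, which is the reason the text suggests the telephone.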

Pros and Cons 

The benefit of this approach is that it enables secure messaging at the user's desktop. 
Users are able to store encrypted messages in folders and communicate both internally 
and externally. 

This approach is ideal for communicating with small populations of users; 
however, managing and exchanging digital certificates for larger numbers of users can be 
impractical. 

By using a certificate server it is possible to deploy person to person secure 
messaging across the whole Ministry. 

Figure 8. Messaging system with certificate server & PKI 


The certificate server provides a central repository for digital certificates and 
removes the requirement placed on the user to exchange public key information. The 
clients and mail servers can access the certificate server to obtain up-to-date public key 
information. 

The certificate server must also provide a direct interface to any Public Key 
Infrastructure (PKI) that supports X.509 certificates. 
D. SUMMARY OF REQUIREMENTS FOR SECURE E-MAIL SOLUTION 


Any secure electronic mail solution must be based upon a robust set of 
requirements that make it enforceable, manageable, easy to use for end users, 
interoperable, reliable, and scalable: 

1. Security policies must be enforceable. The secure messaging solution must allow 
administrators and policy-makers to both define and enforce MFA security 
policies for object security. The system must allow administrators to mandate virus 
scanning, content control, access control, encryption, and digital signature policies 
from a central point of administration. 

2. The solution must be ubiquitous. Security solutions are most effective when they 
apply to everyone in an organization. The secure mail server should intercept every 
piece of e-mail or other object and enforce security policies on it. Further, client 
and server should both support the S/MIME protocol for encryption and digital 
signature, making them interoperable with millions of other S/MIME-enabled 
applications (such as Netscape Communicator). 

3. The solution must be easy to use for end users. The secure messaging system must be 
designed as a security overlay to existing e-mail products and technologies. The 
secure client must natively "plug in" to existing desktop e-mail clients. With this 
approach, end users can continue to use the applications they are familiar with, 
while adding the benefits of secure e-mail. Even better, the secure mail server 
should be completely transparent to the end user. Its job is to define and enforce 
e-mail policies, while providing reminders to e-mail users when they are in policy 
violation. 

4. The solution must be modular and interoperable. The secure messaging system must 
support major open standards for all elements of the solution, including S/MIME 
as the secure e-mail protocol, LDAP for the directory/certificate access protocol, 
and X.509 for digital identification. Additionally, it should support a wide 
variety of trust models, including the most flexible choice of certificate 
authorities available from a secure application suite. This allows MFA users to 
combine their preferred e-mail solutions with their preferred certificate authority. 

5. The solution must be easy to deploy and manage. The secure messaging system must have 
both client and server components that have a quick installation, with very few 
steps to perform before the products are up and running. The server should run 
on Windows NT. 
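Requirements 1 and 2 above (policies mandated centrally, every message intercepted and checked) come down to a gateway that looks at each message and decides whether it complies. The following is an added example of that check, not code from the thesis or from any secure mail server product. It assumes a Ministry mail domain of mfa.example, a constructed X-Classification header as the marker for sensitive content, and two policy rules: classified content must leave the desktop already S/MIME-encrypted, and anything addressed outside the Ministry must at least be signed. The sample messages are constructed, with dummy base64 standing in for real signatures and envelopes.

```python
import email
import email.utils
from email import policy

MFA_DOMAIN = "mfa.example"                   # placeholder for the Ministry's mail domain
CLASSIFICATION_HEADER = "X-Classification"   # constructed header name for this example


def smime_protection(msg):
    """Which S/MIME protections are visible from the outside of a message.
    A gateway cannot look inside enveloped data, so for an encrypted message
    'encrypted' is all it can assert."""
    found = set()
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        if "pkcs7-signature" in (msg.get_param("protocol") or ""):
            found.add("signed")
    elif ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type == "enveloped-data":
            found.add("encrypted")
        elif smime_type == "signed-data":
            found.add("signed")
    return found


def protection_of(raw_message):
    return smime_protection(email.message_from_string(raw_message, policy=policy.default))


def external_recipients(msg):
    """Recipient addresses that are not in the Ministry's domain."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    addrs = [addr.lower() for _, addr in email.utils.getaddresses(headers)]
    return [a for a in addrs if not a.endswith("@" + MFA_DOMAIN)]


def evaluate(raw_message):
    """Gateway decision for one message: ('deliver', []) or ('reject', reasons).
    The reasons are what the server would send back to the user as the
    policy-violation reminder the requirements call for."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    protection = smime_protection(msg)
    classification = (msg.get(CLASSIFICATION_HEADER) or "unclassified").lower()
    violations = []
    if classification != "unclassified" and "encrypted" not in protection:
        violations.append("classified content must be encrypted")
    if external_recipients(msg) and not protection:
        violations.append("mail leaving the Ministry must be signed")
    return ("reject" if violations else "deliver"), violations


# Constructed sample messages (not real traffic).
INTERNAL_PLAIN = "\n".join([
    "From: ivanenko@mfa.example",
    "To: petrenko@mfa.example",
    "Subject: Lunch",
    "",
    "Canteen at 13:00?",
])

EXTERNAL_PLAIN = INTERNAL_PLAIN.replace("petrenko@mfa.example", "partner@other.example")

EXTERNAL_SIGNED = "\n".join([
    "From: ivanenko@mfa.example",
    "To: partner@other.example",
    "Subject: Agenda",
    "MIME-Version: 1.0",
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="sig"',
    "",
    "--sig",
    "Content-Type: text/plain",
    "",
    "Draft agenda follows next week.",
    "--sig",
    'Content-Type: application/pkcs7-signature; name="smime.p7s"',
    "Content-Transfer-Encoding: base64",
    "",
    "AAAA",
    "--sig--",
])

SENSITIVE_ENVELOPED = "\n".join([
    "From: ivanenko@mfa.example",
    "To: petrenko@mfa.example",
    "Subject: Cable",
    "X-Classification: sensitive",
    "MIME-Version: 1.0",
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "Content-Transfer-Encoding: base64",
    "",
    "AAAA",
])

SENSITIVE_PLAIN = INTERNAL_PLAIN.replace(
    "Subject: Lunch", "Subject: Cable\nX-Classification: sensitive")
```

The check only inspects the outer MIME structure; it establishes that a message is signed or enveloped, not that the signature verifies or that the recipient's certificate was the right one. Those checks belong to the client that holds the keys, which is why the requirements ask for both a server and a client component.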
VII. NETWORK ARCHITECTURE 


A. OVERVIEW 


To build an end-to-end networking solution, it is important to consider the three 
essential building blocks. They include the local area, remote access, and wide area 
portions of the MFA network. All three of these building blocks play a part in deploying 
Internet access, intranets, and VPNs. 

For each of these areas there are three qualities that matter in a network: reliability, 
usability, and value. To ensure a reliable network, we must determine how robustly it 
must perform, how resilient and available it must be, and how secure it will be. To have a usable 
network, it must provide easy installation, operation, and servicing of the network, all of 
which can dramatically reduce the overall cost of ownership. Value goes beyond the initial 
purchase price to include how well the MFA network adapts to change and therefore protects 
the government's investment over time. 


B. NETWORK DESIGN 


As Figure 9 shows, designing a network is an iterative activity. 

The first step in network design is understanding the network requirements. There 
are several methods to obtain this information: 

• User community profiles--Outline what different user groups require. 

• Interviews, focus groups, and surveys--Build a baseline for implementing a 
network. 

• Human factor tests--The most expensive, time-consuming method is to 
conduct a test involving representative users in a lab environment. 


Figure 9. General network design process. The figure shows the following steps: 

• Assess needs 
• Select topologies and technologies to satisfy needs 
• Estimate costs and available budget 
• Model network workload 
• Simulate behavior under expected load 
• Perform sensitivity tests 
• Rework design as needed 


Hierarchical models for network design [15] allow us to develop the network and 
select topologies and technologies in layers. By using layers, we can simplify network 
design. Each layer can be focused on specific functions and features. Hierarchical 
network design includes the following three layers: 

• The backbone (core) layer that provides optimal transport between sites. 
• The distribution layer that provides policy-based connectivity. 
• The local access layer that provides workgroup/user access to the network. 

Figure 10 shows a high-level view of the various aspects of a hierarchical network 
design. 

Figure 10. Hierarchical network design model. 


The core layer is a high-speed switching backbone and should be designed to 
switch packets as fast as possible. This layer of the network should not perform any 
packet manipulation, such as access lists and filtering, that would slow down the switching 
of packets. 

The distribution layer of the network provides boundary definition and is a place 
at which packet manipulation can take place. The main functions of this layer are: 

• Address or area aggregation. 

• Departmental or workgroup access. 

• Broadcast/multicast domain definition. 

• Virtual LAN routing. 

• Security. 

This layer provides policy-based connectivity. 

The access layer is the point at which local end users are allowed into the 
network. In the MFA environment, access-layer functions can include the following: 

• Shared bandwidth. 

• Switched bandwidth. 

• MAC layer filtering. 

• Microsegmentation. 

The layers are defined to aid successful network design and to represent 
functionality that must exist in a network. The instantiation of each layer can be in 
distinct routers or switches, can be represented by a physical medium, can be combined in a 
single device, or omitted altogether. The way the layers are implemented depends 
on the needs of the network being designed. We do not have the possibility to discuss all 
phases and details of the network design in this chapter. We can only show an example of 
the MFA Central Office network diagram and an embassy communication and network 
diagram (Figures 11 and 12). 

Figure 11. MFA of Ukraine Central Office network diagram. 
VIII. COMPUTER SECURITY POLICY AND IMPLEMENTATION 


A. COMPUTER SECURITY 


Computer security refers to the technological safeguards and managerial 
procedures which can be applied to computer hardware, programs, data, facilities and 
workplaces to assure the availability, integrity, and confidentiality of computer-based 
resources and to assure that intended functions are performed without harmful side 
effects. Computer security must be addressed in the areas of physical, software, 
information, and network security as they relate to the security requirements of the 
Information Infrastructure. The intent of this chapter is to discuss the following security 
objectives: 

• Confidentiality of classified or sensitive information handled by the MFA 
computer system. 

• Integrity of information and related processes handled by the MFA Information 
Infrastructure, from its origin through input, processing, and finally the output 
phase. 

• The availability of information when it is needed. 

• Accountability of persons accessing the data. 
B. THREATS AND CONTROLS 


1. Physical Security 


Physical security can be divided into two major categories. First are those 
measures taken to protect against natural disasters such as fires, floods, and power 
outages/surges. Second are those measures taken to protect against intruders. 


a. Natural Disasters 


Threats. The major area of concern for the Information Infrastructure in this area is 
power outages and surges as a result of storms, brownouts, and equipment failure. 
These types of threats can cause thousands of dollars worth of damage 
to both the equipment and the information stored on it. 

Controls. The following is a list of measures that should be considered to aid in 
minimizing the effects of these and other natural disasters [16]: 

• Mandatory use of a UPS (Uninterruptible Power Supply) for routers and servers. 
• Use surge protectors. 
• Schedule frequent backups of diskettes and hard disk drives (where 
appropriate). 
• Save documents being worked on frequently (applies primarily to word 
processing). 
• Locate equipment away from windows. 
• Keep equipment elevated to prevent damage due to standing water. 
• Use adequate fire protection measures. 


b. Intruders 


Threats. Physical access must be restricted in order to protect data and equipment 
against common criminals, so-called activists, espionage agents, and trusted persons 
engaged in any unauthorized acts. Computer systems are an especially attractive target 
for thieves. 

Controls. Due to the current nature of personal computers, physical access control 
measures are considered to be the best method for denying unauthorized access. The 
following is a list of measures that should be considered to aid in reducing the threat from 
intruders: 

• Place equipment in limited access areas. This includes the space surrounding 
equipment processing sensitive information, which must be under sufficient physical and 
administrative control to preclude unauthorized entry or compromise. 

• Ensure systems are not left unattended during normal working hours (i.e. 
secured during coffee breaks, lunch breaks, etc.). 

• Use sign-in logs for systems used by multiple users. 

• Use access rosters of approved users to identify authorized personnel. 

• Use physical restraint devices to prevent removal of equipment. 

• Ensure that when an office space is vacant during non-duty hours, doors are 
secured and access is controlled. 

• Use a checklist for securing the area at the end of the day. 

• Use a device that can be installed in the power circuit to terminate power and that 
can then be physically locked to prevent restoration of power to the 
equipment. 

• Maintain accurate inventories of both hardware and software. These items 
should be listed by serial or plant property number. 


2. Software Security 


The Ministry of Foreign Affairs of Ukraine honors all licenses, copyrights, 
patents, restrictions, terms, and conditions associated with commercial, proprietary 
computer software. 

Personnel are not authorized to copy (other than for backup), modify or transfer 
purchased computer programs. "Pirating" (making unauthorized copies of software) is a 
violation of copyright laws, and employees are subject to indictment and conviction if 
found guilty. 

Unauthorized copies are illegal even if they are used only for the government job 
and are never taken home for personal use. 

Threats. A common practice on computer systems is to back up software onto 
diskettes. The ease with which this is done makes the theft or unauthorized use of 
government-developed or procured software very inviting. The most common threat in 
this area, especially in Ukraine and other Former Soviet Union countries, is from the user 
who owns a computer system and believes there is nothing wrong with making copies of 
software packages for personal use. 

Controls. The vast majority of the software being used on personal/desktop 
computers in the MFA falls into the category of off-the-shelf software. 

Most off-the-shelf software is proprietary or licensed and as such may not be 
distributed or copied without proper authorization. To ensure that government-developed 
software is not misused or stolen and that the MFA does not become liable for improper 
distribution of commercial software products, the following measures should be adhered 
to: 

• Ensure original (diskette or CD) copies of software products are properly secured 
and accounted for. 

• Periodically audit the software inventory to verify holdings. 

• Ensure all authorized backup copies are properly secured and controlled by a 
proper authority. 

• Ensure users of software products understand they are not allowed to make copies 
for personal use or distribution by having them sign a document to that effect. 
3. Information Security 


The safeguarding of sensitive information is the topic of numerous publications 
and the basis for virtually all computer security requirements [17]. 

Threats. Information is one of the areas most frequently involved in fraud and 
abuse cases. Some of the more common threats are: the entering of unauthorized 
information, manipulation of authorized information, manipulating or improperly using 
information files and records, and creation of unauthorized files and records. 

Controls. Information being processed on the Information Infrastructure in the 
MFA today covers the spectrum from classified to Sensitive Unclassified and is 
considered to be a valuable commodity. As such, appropriate measures must be taken to 
ensure the safeguarding of this information. The following measures, coupled with the 
ones covered under physical security, should be considered to aid in providing adequate 
information security: 

• Position terminal screens and printers to minimize unauthorized viewing. 

• Properly secure the original source material and computer-generated output. 

• Properly secure magnetic media (diskettes, tapes, removable hard disks, etc.). 

• Encrypt the data. 

• Use password protection for sensitive files. 

• Ensure removable disks and diskettes are properly marked. 

• Use adequate audit trails to track data from the original source documents through 
its input into the system and its final output or disposition. Audit trails should 
include information on who was accessing/using the information at any given 
point during its existence. 

• Avoid storing sensitive data on non-removable media such as a desktop 
computer's hard disk, unless the system is located in a controlled space. 
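The audit-trail control above asks for a record of who handled a piece of information at every point of its existence. An audit trail is only useful if it cannot be quietly edited afterwards by the same insiders it is meant to hold accountable, so the following added example (not code from the thesis) chains each entry to the previous one with a SHA-256 digest: altering or deleting an entry breaks the chain and verify() reports where. The record fields (user, document, action, time) and the idea of a central service holding the trail are assumptions of this example.

```python
import hashlib
import json
import time


class AuditTrail:
    """Append-only record of who did what to which document, and when.
    Every entry stores the digest of the entry before it, so the trail is
    tamper-evident: a reviewer can recompute the chain and see whether any
    entry was changed or removed after the fact."""

    GENESIS = "0" * 64   # digest "before" the first entry

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash, record):
        # canonical encoding so that the digest does not depend on key order
        payload = prev_hash + json.dumps(record, sort_keys=True)
        return hashlib.sha256(payload.encode("utf-8")).hexdigest()

    def append(self, user, document, action, timestamp=None):
        """Record one event and return its digest."""
        record = {
            "user": user,
            "document": document,
            "action": action,             # e.g. "input", "read", "print", "dispose"
            "time": time.time() if timestamp is None else timestamp,
        }
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({**record, "prev": prev, "hash": self._digest(prev, record)})
        return self.entries[-1]["hash"]

    def verify(self):
        """Return (True, None) if the chain is intact, otherwise
        (False, index_of_first_bad_entry)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            record = {k: entry[k] for k in ("user", "document", "action", "time")}
            if entry["prev"] != prev or entry["hash"] != self._digest(prev, record):
                return False, i
            prev = entry["hash"]
        return True, None

    def history(self, document):
        """Who accessed a document, from input through final disposition:
        the question the control says an audit trail must answer."""
        return [(e["time"], e["user"], e["action"])
                for e in self.entries if e["document"] == document]


if __name__ == "__main__":
    # constructed sample events
    trail = AuditTrail()
    trail.append("ivanenko", "memo-17", "input", 1)
    trail.append("petrenko", "memo-17", "print", 2)
    trail.append("ivanenko", "cable-3", "read", 3)
    print(trail.verify(), trail.history("memo-17"))
```

Chaining protects against silent modification of the stored trail; it does not protect the trail from being truncated at the end or from a writer who can rewrite the whole chain. The administrative controls later in the chapter (review printouts regularly and frequently) cover that gap: a printed or otherwise separately kept copy of the latest digest is enough to detect both.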
4. Environmental Security 


Threats. Although the range of environments that computer systems will operate 
in has expanded greatly, they are still subject to certain types of common environmental 
hazards. 

Some of the more common threats to computer systems are: bad quality 
electrical power, smoke from cigarettes, spilled liquids, extreme temperatures, etc. 

Controls. Environmental threats are usually well known and easy to counter. Both 
the manager and the user of computer systems should consider the following measures, in 
conjunction with those measures previously identified, to aid in countering environmental 
threats: 

• All equipment must be earth-grounded. 

• Do not operate equipment in temperature and humidity conditions that are outside of its 
indicated operating range. These conditions may be checked in the user's 
manuals. 

• Do not eat, drink or smoke in the immediate area of a computer system. 

• Use antistatic pads and sprays to control harmful static electricity. 


5. Network Security 


Threats. Network security can be defined as those measures taken to prevent 
disclosure or modification of information through taps, manipulation of network 
interfaces or components, and emanations. Since the MFA needs Internet access, and the Internet is 
not trustworthy, the internal systems are vulnerable to misuse and attack. 
Controls. Use of a VPN and a secure messaging system, as discussed earlier, can 
prevent some forms of disclosure or modification of network information. In addition, 
a firewall can be used as an MFA safeguard to control access between the internal trusted 
network and the Internet. A firewall is not a single component; it is a strategy for protecting 
an organization's Internet-reachable resources. A firewall serves as the gatekeeper 
between the untrusted Internet and the more trusted internal networks. 

The main function of a firewall is to centralize access control. Firewalls can also 
be used to secure segments of an organization's intranet. Firewalls provide several types 
of protection: 

• They can block unwanted traffic. 

• They can direct incoming traffic to more trustworthy internal systems. 

• They hide vulnerable systems, which cannot easily be secured from the Internet. 

• They can log traffic to and from the private network. 

• They can hide information like system names, network topology, network device 
types, and internal user IDs from the Internet. 

• They can provide more robust authentication than standard applications might be 
able to do. 

The most sensitive parts of the internal network may be protected by an air gap. 
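The first, second and fourth points above (block unwanted traffic, steer inbound traffic to the systems meant to receive it, log what was refused) are what a packet-filter rule set does. The block below is an added example of such a rule set and its evaluation, not code from the thesis or from any firewall product. It assumes a first-match, default-deny policy; the address ranges are placeholders (the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for the mail gateway, embassy VPN endpoints and the Internet, and 10.10.0.0/16 for the Ministry's internal network), and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    src: str                             # CIDR
    dst: str                             # CIDR
    proto: str                           # "tcp", "udp" or "any"
    dports: Optional[Tuple[int, int]]    # inclusive range, or None for any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dports is None or self.dports[0] <= p.dport <= self.dports[1]))


# Placeholder ranges (assumptions of this example, not the MFA's real addressing).
INTERNAL = "10.10.0.0/16"         # Ministry internal network
DMZ_MAIL = "192.0.2.25/32"        # the mail gateway: the only host the Internet may reach
VPN_PEERS = "198.51.100.0/24"     # embassy VPN devices
ANY = "0.0.0.0/0"

RULESET: List[Rule] = [
    Rule("allow", ANY, DMZ_MAIL, "tcp", (25, 25), "inbound SMTP to the gateway only"),
    Rule("allow", VPN_PEERS, INTERNAL, "udp", (500, 500), "IKE from embassy VPN devices"),
    Rule("allow", INTERNAL, ANY, "tcp", (80, 80), "outbound web"),
    Rule("allow", INTERNAL, ANY, "tcp", (443, 443), "outbound web (TLS)"),
    # everything not listed falls through to the default deny in decide()
]


def decide(packet: Packet, ruleset=RULESET):
    """First matching rule wins; no match means deny.  Default-deny is what
    makes the rule set a central access-control policy rather than a blocklist."""
    for rule in ruleset:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "default deny"


def filter_and_log(packets, ruleset=RULESET):
    """Evaluate a batch of packets and return (decisions, denial_log).  The
    denial log is the material an administrator reviews for probing of the
    internal network or for internal hosts trying unexpected services."""
    decisions, log = [], []
    for p in packets:
        action, why = decide(p, ruleset)
        decisions.append(action)
        if action == "deny":
            log.append(f"DENY {p.proto}/{p.dport} {p.src} -> {p.dst} ({why})")
    return decisions, log


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.0.2.25", "tcp", 25),     # Internet -> mail gateway, SMTP
    Packet("203.0.113.7", "10.10.1.5", "tcp", 445),     # Internet -> internal file server
    Packet("198.51.100.9", "10.10.0.1", "udp", 500),    # embassy VPN device, IKE
    Packet("10.10.3.4", "203.0.113.80", "tcp", 443),    # internal host browsing
    Packet("10.10.3.4", "203.0.113.80", "tcp", 23),     # internal host, telnet out
]

if __name__ == "__main__":
    for line in filter_and_log(SAMPLE_PACKETS)[1]:
        print(line)
```

A stateless filter like this one cannot tell a reply from a new connection and says nothing about the content of what it passes; it is the outer layer of the firewall strategy the text describes, with the VPN, the secure mail gateway and, for the most sensitive systems, the air gap behind it.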


6. Personnel Security 


People are the most serious threat to computers and automated information. The 
unintentional errors people commit occur more frequently and cause more damage than 
do deliberate acts of sabotage. Unknowingly, people destroy or damage computers, 
related equipment, and software. Unwittingly, people enter incorrect data into the 
computer or erroneously alter data. Although many losses are caused by unintentional 
acts, intentional acts should not be overlooked. People intentionally damage, steal, or 
knowingly use automated information and computers for their own personal gain. It is 
important to remember that all security measures are vulnerable to users who have 
legitimate access. 

Threats. Personnel threats are basically internal. People internal to an 
organization can steal information or other assets for sale or personal use. Although 
diplomats usually have strong personal ethics, some MFA employees may take and use 
computer supplies (disks, printer cartridges, paper, etc.). Beyond theft of supplies and 
equipment is the abuse of assets. Common abuses include using the computer for 
personal business, browsing, preparing personal-use software programs, and creating 
personal-use information, such as team rosters, scores, and handicaps. 

Controls. It is up to the manager to provide leadership and supervision that will 
instill confidence and promote strong personal ethics among employees. The following 
recommendations, coupled with strong leadership, should be considered to aid in providing 
adequate personnel security [18]: 

• Include both the organization's information security policies and the individual's 
responsibilities in information security training. 

• Publicize procedures to report security violations and irregularities. 

• Inform staff that unauthorized duplication and use of licensed software violates 
the law. 

• Indoctrinate new employees in their ethical responsibilities. 

• Conduct periodic security briefings for all personnel dealing with sensitive 
information. 

• Ensure personnel are aware that they are responsible for the products of the 
information systems they process. 

• After annual security training, require personnel to sign a statement that they 
understand their information security responsibilities. 

• Assign responsibility for the equipment and the information processed on it to the 
users of computer systems. 

• Encourage personnel to be involved in risk analysis and contingency planning. 

• Be alert to unusual employee behavior -- low morale, refusal to take leave, or 
personal problems -- that may indicate vulnerabilities which could lead to 
information security problems. 
7. Administrative Security 


Some of the most frequently overlooked security measures that can be 
implemented are simple administrative procedures. Although these procedures tend to be 
simple in nature, they are sometimes the most important ones to enforce. 

Managers and users of computer systems should ensure administrative 
procedures, such as those previously listed and the following, are closely adhered to: 

• Conduct periodic inventories of hardware and software products. 

• Ensure equipment is appropriately carried on an individual's property account. 

• Do not share passwords with anyone else. 

• Do not tape passwords to desks, walls, or terminals. Commit them to 
memory. 

• Establish and enforce password rules and be sure everyone knows them. 

• If audit trail printouts are produced, review them regularly and frequently. 

• Use a filing system to keep track of removable disks and diskettes. 

• Ensure procedures are in place for laptop computers. These procedures 
should, at a minimum, address: 

1. Conditions under which they may be checked out. 

2. Check-in/out procedures and forms. 

3. Traveling safeguards (i.e. hand carry, do not leave in hotel rooms, airline 
policies, etc.). 

Summary. Information technologies are inherently double-edged swords: they 
work for the benefit of good users and provide new potential for criminal and 
improper activities. In our case, for the MFA Information Infrastructure, it is possible to 
achieve reasonable security, but it is necessary to understand the nature of the 
vulnerabilities and how to devise strategies for protection. 
IX. LEGACY SYSTEM USAGE 


A. INTRODUCTION 


According to Table 1, almost fifty percent of the computers in the Ministry are old 
386 and 486 PCs. The necessity of using this heterogeneous computing environment is a 
fact of life in the organization. The Ukrainian government does not have enough money 
for replacing old PCs with new ones. Lowering the Total Cost of Ownership (TCO) is a very 
important issue. 

For the effective usage of this legacy hardware, we can deploy the thin-client/server 
computing model. Under this model, application execution and data 
storage occur on a central server (or servers), and only a thin piece of client software is 
required at the client system. One way to achieve this server-based application 
architecture is to re-write enterprise applications. A more practical method is to use 
universal thin-client software in conjunction with an application server and a distributed 
Windows display protocol. 

There are several software products for this purpose: 

1. IBM's "WorkSpace On-Demand", a thin-client environment based on OS/2 
Warp and Java; 

2. Microsoft NT Terminal Server 4.0 Edition; 

3. WinFrame/MetaFrame software by Citrix Systems Inc., based on Windows 
NT Terminal Server 4.0; 

4. Liftoff 2.1 by New Moon Software Inc.; 

5. ALTiS by EPiCON, Inc. 

The ALTiS and Liftoff clients run only with standard Microsoft Windows 95 and 
Windows NT Workstation and cannot be used by legacy desktop computers. 
"WorkSpace On-Demand" runs only on an OS/2 server, an operating system that the MFA does not 
have. MS Terminal Server cannot work with DOS and UNIX clients and has other 
limitations. 

Therefore, only the Citrix MetaFrame server satisfies the requirements. 


B. THE THIN-CLIENT/SERVER COMPUTING MODEL 


MetaFrame is the server-based computing software for the Citrix - Microsoft co-developed 
Windows NT 4.0 Server, Terminal Server Edition multi-user software. 

Thin-client/server computing requires a multi-user operating system. This allows 
multiple concurrent users to log on and run applications in separate, protected sessions on 
a single application server. This type of server-based computing model is especially 
useful for the MFA, because it solves the critical application deployment challenges of 
management, access, performance and security. 

The user applications execute on the Terminal Server and are accessible through 
thin-client software over dial-up, LAN, WAN and Internet connections. The server-based 
architecture provides users with consistent, high-performance and universal access to any 
type of application, including DOS, Windows 16, Windows 32 and client/server 
programs, regardless of available bandwidth or client hardware. The multi-user 
application server design provides IS managers with a manageable and cost-effective way 
to deliver business-critical applications. [19] 

Figure 13. Thin-Client/Server Architecture [20] 


Windows Terminal Server is based on Citrix's WinFrame product. Citrix 
provides a bolt-on, MetaFrame, which adds functionality to Terminal Server, including 
support for DOS, OS/2, Unix, Java and much more. 

With this new software, the MFA will be able to: 

• Bring thin-client/server computing to heterogeneous computing environments, 
providing access to Windows-based applications regardless of client 
hardware, operating platform, network connection or LAN protocol. 

• Offer organization-scale management tools, allowing IT specialists to scale, 
deploy, manage and support applications from a single location. 

• Combine seamless integration of the user's local and remote resources and 
applications with exceptional performance. 

Citrix MetaFrame software based on Windows NT Terminal Server 4.0 offers 
ways to lower both long-term desktop management costs and short-term capital 
outlay costs. First, since all applications reside only in a single central place, on the 
server, there is no client application software that must be developed, installed, or 
updated on the desktop. This makes application development, rollout, and updates less 
complex. Second, because all user profile information is stored on the Terminal Server, 
client desktops are administered centrally by the server. Third, remote administration 
capabilities further reduce the cost of handling helpdesk calls. 
X. CONCLUSIONS AND RECOMMENDATIONS 


A. CONCLUSIONS 


The construction of an information infrastructure to support Ukrainian diplomacy 
in the 21st century is one of my most critical and urgent objectives for the Ministry of 
Foreign Affairs of Ukraine. Providing this technology to the MFA means deploying the 
modern information networks needed for rapid, secure MFA communications worldwide, 
strengthening information systems security, and ensuring Year 2000 compliance for 
critical communication and computer systems. 

This thesis research includes a detailed analysis of intranet technology, virtual private 
networks and secure messaging systems, and the development of a feasible solution for this 
government organization. Several major issues were introduced and then discussed in the 
thesis. 

The existing MFA Information Infrastructure was shown to be inadequate to meet 
organizational needs. Fragmented, unsecured, static, and costly data-storage and limited 
data-retrieval systems are relics of the past. Information flow, IT department roles and 
structure should definitely be changed. The technology now exists to transform both the 
organization and its information infrastructure to meet the challenges of operating in a 
dynamic, uncertain, and complex world. Nowadays the question is not "What can technology 
do?" but "What do we want it to do?" 

Another issue discussed was an overview of intranet technology and a possible application 
of this technology. An intranet may serve as the basis for the future MFA Information 
Infrastructure. The benefits offered by an intranet include cost savings, minimal 
training, a single source of data, links to outside data sources, and easy management and 
delivery of information. Intranet implementation may be based on the NT 4.0 server platform 
and the Apache 1.3 web server. 

The Internet is an almost ideal, but not a secure, medium for information retrieval and 
exchange between MFA offices around the world. Virtual Private Network systems 
enable distributed private networks to communicate securely over untrusted, public 
networks. They encrypt transmitted information with complicated algorithms to hide 
sensitive data from unauthorized access. The MFA of Ukraine can implement this 
important part of the information infrastructure using software add-ons to routers, 
software firewalls with encryption patches, software VPN systems, or dedicated hardware 
VPNs. 

However, VPN technology does not provide encryption to the desktop or address 
"person to person" authentication issues, and it can leave the interior of such networks 
open to attacks from the inside. By using secure client software, the MFA will be able 
to build a secure messaging system between offices and individuals across the Internet. 

The issue of how to build an end-to-end networking solution was also discussed. The 
network design and requirement steps shown in the thesis can provide a feasible, cost- 
effective solution. 

The issue of how to protect the Information Infrastructure from security threats, 
without excessively affecting productivity and cost, was discussed in terms of a number of 
common threats and countermeasures. While no network is 100% safe, a good strategy 
and vigilant efforts by knowledgeable experts can provide a reasonable tradeoff. 

The necessity of using a heterogeneous computing environment is a fact of life 
in the MFA. The Ukrainian government does not have enough money to replace old PCs 
with new ones. Lowering the Total Cost of Ownership (TCO) is a very important issue. For the 
effective usage of this legacy hardware, we can deploy the thin-client/server computing 
model, based on Citrix MetaFrame software and Windows NT Terminal Server 4.0. 

Through the use of VPNs, secure messaging and intranets, the MFA gains an increasingly 
effective way of connecting diplomats, specialists and the public, and a basis for developing 
a modern Information Infrastructure for the Ministry of Foreign Affairs of Ukraine. 


B. RECOMMENDATIONS 


In order to design and implement a modern Information Infrastructure, the MFA of 
Ukraine must pass through several steps of system development. These steps build 
on each other and cannot be omitted. 

Phase 1. Decision to invest in a new Information Infrastructure and project initiation. 

Activity: 

1. Creation of a dedicated budget for II development.³ 

2. Increasing the number of specialists in the IT department (up to at least 12-15 
people).⁴ 

3. Creation of "IT specialist" posts in the embassies. 

4. IT personnel training and education (security officers, network administrators, 
software engineers, etc.).⁵ 

5. Cost/benefit and data-flow analysis. 

³ The US State Department will invest $118 million in information technology in 1999 (an increase of 
budget of approximately $32 million -- from $86 million in 1998. The State Department has a $2.1 billion 
operating budget in 1999). [21] 

⁴ The US State Department employs a workforce of about 14,000 American employees. Approximately 
1,450 of them are information technology specialists [21]. Therefore, the ratio is 10:1. For the MFA of 
Ukraine, this ratio is 1000:1. 

⁵ In 1999, the US State Department would like to push average IT training to 3 weeks per year [21]. 

Phase 2. Pilot projects development and testing. 

Activity: 

1. Design two or three alternative projects for Information Infrastructure 
development. 

2. Pilot projects development for the Intranet, VPN, and secure messaging 
system. 

3. Pilot project testing. 

4. Choosing the best IT solution. 

5. Security policy development. 

6. Network management system development. 

Phase 3. Network and desktop hardware deployment and testing. 

Activity: 

1. Equipment and software purchasing. 

2. The MFA building wiring according to the chosen network topology and 
architecture. 

3. Making an additional connection to the Internet. 

4. LAN deployment. 

5. Network and desktop hardware testing. 

Phase 4. Application system deployment and testing. 

Activity: 

1. Intranet deployment and testing. 

2. VPN deployment and testing. 

3. Secure messaging system deployment and testing. 

4. Legacy support system deployment and testing. 

5. The MFA personnel training. 

Phase 5. System usage and maintenance. 

Activity: 

1. System on-going operation and upgrade. 

2. Security Policy implementation and audit. 

Developing a phased approach to the implementation of the Information Infrastructure 
delivers real and tangible benefits to the Ministry, the Ukrainian Government and the public. 
Modern information technology can provide the MFA of Ukraine with information 
superiority, achieved through global, affordable, and timely access to reliable and secure 
information for worldwide decision-making and operation. 
APPENDIX A. WEBSERVERS QUICK COMPARISON 

Detailed information about "Apache 1.3" and "Internet Information Server 4.0" 

Server: Internet Information Server | Apache 
Version: 4.0 | 1.3 
Website of Vendor: www.microsoft.com/iis | www.apache.org 
Best Features: Active server pages; support for Microsoft APIs; ODBC driver support | Fast, supported by public development 
Price: Free with NT 4.0 Option Pack | Free 
Operating System: Windows NT | NetBSD, Digital UNIX, BSDI, AIX, OS/2, SCO, HPUX, Windows NT, Linux, FreeBSD, IRIX, Solaris 

Launching and Logging 
  Internet Information Server: Can write to multiple logs; log files can be automatically cycled or archived; can generate referer log entries; server can generate non-hit log entries (such as comments); performance measurement logs; CGI scripts can create their own log entries; can serve different directory roots for different IP addresses; CERN/NCSA common log format; runs as Windows NT service and/or application; can listen to multiple addresses and ports; normal (hit) log entries can be customized; can track individual users in log; logging with syslog (Unix) or Event Log (Windows NT); can generate browser log entries. 
  Apache: Can write to multiple logs; log files can be automatically cycled or archived; can generate referer log entries; server can generate non-hit log entries (such as comments); CGI scripts can create their own log entries; can serve different directory roots for different IP addresses; CERN/NCSA common log format; runs as Windows NT service and/or application; can run from inetd (Unix and OS/2 systems only); can listen to multiple addresses and ports; normal (hit) log entries can be customized; logging with syslog (Unix) or Event Log (Windows NT); can generate browser log entries. 

Protocol Support and Includes 
  Internet Information Server: Comes with SNMP agent; supports HTTP/1.1 persistent connections; supports HTTP/1.1 byte ranges; access to server state variables from CGI or other scripting; non-supported methods can invoke a script; select documents based on Accept header; supports HTTP/1.1 PUT; server can force includes; includes can be based on request headers; select documents based on User-Agent header; has built-in image-map handling; understands full URIs in HTTP/1.1 requests; automatic response to If-Modified-Since; has built-in scripting language; includes based on HTML comments; automatically include any HTTP headers in responses; supports Microsoft ISAPI. 
  Apache: Supports HTTP/1.1 persistent connections; supports HTTP/1.1 byte ranges; access to server state variables from CGI or other scripting; select documents based on Accept header; supports HTTP/1.1 PUT; includes based on HTML comments; server can force includes; select documents based on User-Agent header; has built-in image-map handling; understands full URIs in HTTP/1.1 requests; automatic response to If-Modified-Since; has built-in scripting language; automatically include any HTTP headers in responses; includes can be based on request headers. 

Security 
  Internet Information Server: Integrated certificate server; prohibit access by domain name; UID CGI execution; prohibit access by IP address; prohibit access by user and group; supports S-HTTP; can change user access control list without restarting server; hierarchical permissions for directory-based documents; prohibit access by directory and file; configurable user groups (not just a single user list); can hide part of a document based on security rules; supports SSL v. 2; supports SSL v. 3; supports SET; can require password (Authorization: user); security rules can be based on URLs. 
  Apache: Prohibit access by domain name; UID CGI execution; prohibit access by IP address; prohibit access by user and group; can change user access control list without restarting server; hierarchical permissions for directory-based documents; prohibit access by directory and file; configurable user groups (not just a single user list); can hide part of a document based on security rules; supports SSL v. 2; supports SSL v. 3; can require password (Authorization: user); security rules can be based on URLs. 

Default Security Mode: [illegible] | [illegible] 
Additional Security Features: [illegible] manager, mapped to NT authentication; challenge response; X.509 certificate | [illegible] 

Other Features 
  Internet Information Server: GUI-based setup; script or action based on output media type; GUI-based maintenance; also serves other TCP protocols; includes user interaction tools; allows non-blocking DNS; multi-threaded; real-time performance measurement tools; has direct (non-CGI) link to a DBMS; automatic directory tree; user directories; search engine; remote maintenance. 
  Apache: GUI-based setup; script or action based on output media type; includes full source code for server; GUI-based maintenance; also acts as an HTTP proxy server; has a support mailing list; includes user interaction tools; multi-threaded; has direct (non-CGI) link to a DBMS; automatic directory tree; user directories; search engine; proxy server also caches; remote maintenance. 
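Both servers in the comparison write the CERN/NCSA common log format, and both can prohibit access by IP address, user and group. The Python script below is an added example, not from the thesis and not part of either server's distribution: it parses common-log-format lines and reports client hosts that accumulate several 401/403 responses, which is the check an administrator would run over the access log to see whether the access rules are being probed. The log lines, addresses, paths and timestamps are constructed for the demonstration.

```python
"""Parse CERN/NCSA common log format lines and summarise denied requests.

Added example (not from the thesis or from either web server's code). The
log lines below are constructed for illustration; hosts, paths and
timestamps are made up.
"""
import re
from collections import Counter, defaultdict

# CERN/NCSA common log format:
#   host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample log (documentation-range addresses); the last line is
# deliberately malformed to show how unparseable input is handled.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/1999:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
192.0.2.10 - - [10/Oct/1999:13:55:40 -0700] "GET /admin/ HTTP/1.0" 403 287
192.0.2.10 - - [10/Oct/1999:13:55:41 -0700] "GET /admin/users HTTP/1.0" 403 287
192.0.2.10 - - [10/Oct/1999:13:55:42 -0700] "GET /admin/config HTTP/1.0" 403 287
198.51.100.7 - alice [10/Oct/1999:13:56:01 -0700] "GET /private/report.html HTTP/1.0" 200 10240
203.0.113.5 - - [10/Oct/1999:13:56:30 -0700] "GET /private/ HTTP/1.0" 401 512
this line is not in common log format
"""


def parse_line(line):
    """Return a dict for one CLF line, or None if the line does not match."""
    m = CLF_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    return rec


def parse_log(text):
    """Parse all non-empty lines; returns (records, number_of_unparseable_lines)."""
    records, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            bad += 1  # count rather than drop silently: a surge here is itself a signal
        else:
            records.append(rec)
    return records, bad


def denied_by_host(records, threshold=3):
    """Hosts with at least `threshold` 401/403 responses, mapped to the paths they requested."""
    counts = Counter()
    paths = defaultdict(list)
    for rec in records:
        if rec["status"] in (401, 403):
            counts[rec["host"]] += 1
            paths[rec["host"]].append(rec["path"])
    return {host: paths[host] for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} records parsed, {bad} unparseable line(s)")
    for host, tried in denied_by_host(recs).items():
        print(f"{host}: {len(tried)} denied requests -> {tried}")
```

The threshold is a parameter because a single 403 is routine (a stale bookmark, a robot), while a run of them from one host against several protected paths is what deserves a look; the unparseable-line counter is kept separate so that a log format change or a corrupted file shows up as such instead of as a quiet drop in traffic.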
APPENDIX B. VPN FEATURES COMPARISON [21] 

VPN Turnkey Solutions 

Company: [illegible] Communications 
Product: Encrypted [illegible] Starter Kit 
Key features: Pipeline 220 router; Security Dynamics authentication; IPSec encryption with dynamic [illegible] 
Price: $12,000 

Company: Bay [illegible] 
Product: [illegible] 
Key features: Firewall technology; authenticates against internal databases; X.509 certificates, NT Domains; DES, DES-3, RC-4, RSA encryption 
Price: $50,000 

Company: Extended Systems 
Product: ExtendNet VPN 
Key features: PC-to-LAN server for 10 to 100 remote users via PPTP; supports 40-bit encryption 
Price: 10 connections, $2,999; 50 connections, $5,999 

Company: Fortress [illegible] 
Product: QuickStart 
Key features: Packet compression; dynamic random key exchange; DES, DES-3, or 128-bit IDEA encryption 
Price: $10,000 

Company: [illegible] Engineering (www.ire.com) 
Product: [illegible] 
Key features: Uses Message Authentication Code, not tokens; FIPS 140-1 certification; DES, IPSec encryption 
Price: [illegible] 

Company: Isolation Systems 
Product: [illegible] 
Key features: Router and firewall; X.509 certificates; [illegible] authentication; DES, DES-3 encryption 
Price: [illegible] plus $49.95 per client 

Company: Radguard 
Product: CiPro 
Key features: Hardware certificate authority; ISAKMP/Oakley key management; DES, IPsec encryption 
Price: $10,000 

Company: TimeStep 
Product: Permit Enterprise 
Key features: Check Point Software Firewall-1; Permit/Director for management; Permit/Client for remote access 
Price: [illegible] 

VPN Services 

Company: ANS 
Product: ANS VPDN 
Key features: Supports IDEA, DES, and RC4 data encryption; IPsec promised in the future 
Price: From $103/month for 16Kbps 

Company: AT&T 
Product: WorldNet VPN Service 
Key features: Guaranteed bandwidth; secure IP addresses; help-desk services for remote users; RADIUS authentication 
Price: $2,366/month for 1024Kbps; remote access, $3/hour 

Company: CompuServe 
Product: IPLink 
Key features: Up to 100 users; supports L2TP, CompuServe Authentication Service; RADIUS authentication; DES encryption 
Price: Varies 

Company: [illegible] 
Product: Site Patrol 
Key features: Designed for foreign subsidiaries of U.S. companies; [illegible] using the TIS Gauntlet 
Price: [illegible]/month 

Company: MCI 
Product: InternetMCI VPN 
Key features: Combines firewalls, secure remote access, help-desk services, guaranteed completion rates; authentication 
Price: Between $2-$6 per hour; varies 

Company: [illegible] 
Product: Secure[illegible] Connect 
Key features: Firewall technology from Cisco, Milkyway Networks and Secure Computing when designing a VPN; CheckPoint SecuRemote tunneling software 
Price: [illegible] 

Company: PSINet (www.psi.com) 
Product: [illegible] 
Key features: Complete custom hardware/software/service solution for private networking between LANs 
Price: Varies 

Company: [illegible] 
Product: Extralink 
Key features: Guaranteed connectivity, secure IP addresses; DSS authentication, Diffie-Hellman public-key exchange, L2TP tunneling; DES encryption 
Price: Varies 
APPENDIX C. SOME VPN SERVERS FEATURES COMPARISON [22] 

Columns: Extended Systems ExtendNet VPN v1.4 | Fortress Technologies VPN-1 v3.1.1 | VPNet Technologies VSU-1010 v1.1 

VPN Server Hardware 
VPN server: ExtendNet VPN v1.4 | VPN-1 v3.1.1 | VSU-1010 v1.1 
Vendor: Extended Systems | Fortress Technologies | VPNet Technologies 
URL: www.extendedsystems.com | www.fortresstech.com | www.vpnet.com 
Phone: (800) 235-7576 | (813) 288-7388 | (888) 876-3888 
Price: $2,999 with 10 clients, $9,999 with 50 clients | $5,995 | $4,995* 
VPN protocol: PPTP, Layer 2 tunnels | Secure Packet Shield, Layer 3 encrypted sessions | IPsec Layer 3, tunnel & transport mode 
Configurations, Host-to-LAN: Yes | Yes | Yes 
Configurations, LAN-to-LAN: No | Yes | Yes 
VPN granularity of unit tested: Tunnels all traffic sent over adapter interface | Encrypts all traffic sent into a Class B or C subnet | Tunnels all traffic between a defined set of hosts or subnets 
LAN interfaces (number:type): 1: 10Base2, 10BaseT, or 100BaseTX | 2: 10BaseT or 10Base2 | 2: 10BaseT 
Simultaneous connections: 10-50 | 1,024 | 600 
Vendor-specified throughput: 3.94 Mbps | 4.5 Mbps | 10 Mbps 
User authentication: CHAP, MS-CHAP, PAP, RADIUS | Unit authentication, but no individual user authentication | RADIUS, CHAP, and SecurID (w/ RADIUS) 
Data integrity (secure hash): PPTP packet authentication | Dual checksums (one unencrypted, one encrypted) | MD5 
Encryption: 40-bit MPPE, 128-bit MPPE* | 128-bit IDEA, 56-bit DES**, 168-bit DES3** | 56-bit DES, 112-bit DES3* 
Key management: MS RAS shared secret; session key changed every 256 packets | Encrypted DH common key and random dynamic key exchange | SKIP 
Data compression: MPPC | Lempel-Ziv | Stac Lempel-Ziv 
Load balance across servers: No | No | Yes 
Tunneled protocols: IP, IPX | IP | IP 
Management interfaces, Serial: No | No | Yes 
Management interfaces, SNMP: Yes | No | Yes 
Management interfaces, HTTP: Yes | No | No 

VPN Client Software 
Client: Microsoft VPN Adapter | NetFortress Remote v1.1 | VPNremote v2.1 
Price (per client license): Included in server price | $99 | $99 
Platforms: Windows 95 with Microsoft DUN 1.2b, Windows NT | Windows 95 with Winsock2 | Windows 95 
Method of operation: Integrated with DUN | Shim between TCP & NDIS3 | Shim between TCP & NDIS 
Stacks supported: MSTCP, Novell | MSTCP | MSTCP, OnNet32 

VPN Management Software 
Software: InterprEYES v1.5 | NetFortress Manager v1.1 | VPNmanager v2.0 
Price: Included with server | $1,995 | $3,995 
Platforms: Windows 95, NT | Windows 95 with Winsock2, Windows NT | Netscape 3.x browser running Java VM 
Management interface to VPN server: SNMP (remotely over PPTP) | Secure Packet Shield encrypted session | SSL 
Output used to configure VPN client: None (DUN client is manually configured) | Centrally-generated signature (executable) files | Centrally-generated configuration files 

* Features corresponding to version sold in US only 
** DES and DES3 currently supported by VPN-1 (LAN-to-LAN) but not yet by NetFortress Remote (Host-to-LAN) 

APPENDIX D. S/MIME PRODUCTS 

S/MIME Product name                      Vendor web site 

Baltimore Technologies' MailSecure       http://www.baltimore.ie/products/mailsecure/ 
Entrust                                  http://www.entrust.com/ 
Microsoft Outlook and Outlook Express    http://www.microsoft.com/products/prodref/608_ov.htm 
Netscape Communicator                    http://home.netscape.com/browsers/index.html 
OpenSoft ExpressMail                     http://www.opensoft.com/products/expressmail/overview/client 
SSE TrustedMIME                          http://www.sse.ie/trustedmime.html 
VeriSign Digital ID                      http://www.verisign.com/ 
WorldTalk                                http://www.worldtalk.com/Products/WSS/wss.shtm 
NEL Mahobin                              http://www.nel.co.jp 
RSA BSAFE S/MIME-C Toolkit               http://www.rsa.com/rsa/products/smimec/ 
APPENDIX E. PGP VERSION 6.0 FEATURES [23] 

Secure Viewer. Secure Viewer is PGP's software solution to protect the private 
information on your computer screen from interception through electromagnetic 
radiation—also known as TEMPEST attacks. It is widely known that eavesdroppers, 
with special equipment, can capture and reconstruct video screen content from radio 
frequency radiation. When text is encrypted with the Secure Viewer option enabled, 
the decrypted text is displayed in a special TEMPEST attack prevention font and 
window that are unreadable to radiation capturing equipment. The Secure Viewer 
feature allows you to securely view your decrypted text. 

PGPdisk Functionality. PGPdisk functionality is built into PGP version 6.0. PGPdisk 
is an easy-to-use encryption application that enables you to set aside an area of disk 
space for storing your sensitive data. 

Added Plug-ins. Email plug-ins for Outlook Express and Outlook 98 are included. A 
Groupwise plugin is available separately. 

Photographic User ID. You can add your photograph to your public key. Photo IDs 
can be signed just like a user ID to provide extra information when verifying the key. 

Secure Communications with the PGP Certificate Server 2.0. PGP provides a secure 
connection when any query is sent to the server. This secure connection prevents any 
traffic analysis which might determine the keys you are retrieving from or sending to 
the server. 

Secure Deletion from the PGP Certificate Server. You can delete or disable your own 
key on the server by authenticating yourself through Transport Layer Security (TLS). 

PGPkeys Toolbar. An iconic toolbar has been added to PGPkeys for easy access to the 
most frequently used key management functions. 

Unknown Recipient or Signer Server Lookup. When decrypting or verifying a 
message, you can automatically perform a server lookup on all the keys which the 
message is encrypted to or signed by to determine their identity. 

Subkey Management. (Diffie-Hellman/DSS keys only) With the subkey management 
feature, you can manage your encryption (DH) and signing (DSS) keys separately. 

Signature Reverification. The signatures collected on keys are automatically verified 
when added to your ring. It is possible, however, whether through data corruption or 
malicious tampering, for invalid signatures to exist. This new feature allows you to 
reverify the signatures to ensure that they are valid. 

Signature Expiration. You can create signatures on other keys that will expire after a 
given date. 

Enhanced Interface. An intuitive toolbar has been added to PGPkeys for easy access 
to the most frequently used key management functions. 

Improved Application Integration. The PGPtray allows in-place 
encrypt/decrypt/sign/verify with most applications without the need for an explicit 
copy and paste by the user. 

Free Space Wipe. PGPtools now has the ability to wipe all free space on your disks. 

Enhanced Wiping. Both file and volume wiping now use a significantly enhanced set 
of patterns over multiple wipes specially tuned for the media types in use by today's 
computers. 

Key Splitting. Any high security private key can be split into shares among multiple 
"shareholders" using a cryptographic process known as Blakley-Shamir splitting. 

Designated Revokers. You can now specify that another public key on your keyring is 
allowed to revoke your key. This can be useful in situations where you are afraid of 
losing your private key, forgetting your passphrase, or in extreme cases such as a 
physical incapacity to use the key. In such cases, the third party you designate will be 
able to revoke your key, send it to the server and it will be just as if you had revoked it 
yourself. 